Zte ZXR10 8900 Series - Configuring ACLs

To Next Page

To Previous Page

Chapter9ACLConguration

calport,VLANorSmartgroupvirtualinterface)supportstwoACL

processingmodesandcanprocesspacketsinthesetwomodes.

ConfiguringACLs

ACLcongurationincludes:

�DeneanACLrule

�Congureatimerange

�ApplytheACLtoaport

DefiningACLs

Thefollowingissuesaretobetakenintoaccountwhendening

ACLrules.

�Whenapacketmeetsmultiplerules,rstrulewillbematched.

Rulesequenceisveryimportant.Generally,rulesinasmall

rangeareputinthefrontandrulesinalargerangeareputin

theback.

�Consideringnetworksecurity,systemwilladdanimplicitdeny

ruletotheendofeachACLautomaticallyfordenyingallthe

packets.Apermitruleforallowingallpacketsshouldbede-

nedattheendofeachACL.

DefiningStandardACL

TocongurestandardACL,performthefollowingsteps.

Step

CommandFunction

ZXR10(config)#aclstandard{number<acl-number

>|name<acl-name>|alias<alias-name>}[match-

order{auto|config}]

ThisentersstandardACL

congurationmode

ZXR10(config-std-acl)#rule<rule-no>{permit|deny

}{<source>[<source-wildcard>]|any}[time-range

<timerange-name>]

Thisdenesrules

ZXR10(config-std-acl)#move<rule-no>after

<rule-no>

Thismovesarule

ZXR10(config-std-acl)#attachtime-range<Time

rangename>to<ruleid>

Thisbindsatimerangetoa

rule

ExampleThisexampledescribeshowtodeneastandardACLwhichal-

lowsaccessofmessagesfromnetwork192.168.1.0/24butdenies

messagesfromsourceIPaddress192.168.1.100.

ZXR10(config)#aclbasicnumber10

ZXR10(config-std-acl)#rule1deny192.168.1.1000.0.0.0

CondentialandProprietaryInformationofZTECORPORATION79

Zte ZXR10 8900 Series - Configuring ACLs

Table of Contents

Other manuals for Zte ZXR10 8900 Series

Related product manuals