Tuesday, December 10, 2013

Method 1 for configuration of Huawei ACL

Huawei ACLs have always been somewhat troublesome: they behave differently across software versions and device types. Taking the Huawei 3700 (S3700-28TP-PWR-EI) as an example, this post explains ACL configuration and implementation tips.
Summary: how the rules are ordered depends on the auto and config modes, while the matching order depends on the environment the ACL is applied in and the order in which the rules are sent to the port.
Description:
1. An ACL can be in auto mode or config mode. In auto mode the rules are ordered by the longest-match principle (use dis acl all to view the rule order; seeing 42301 is normal). In config mode the rules are ordered in the sequence the user configured them. In other words, auto and config only affect the rule order and have nothing to do with the matching order.
2. In either auto mode or config mode, when the ACL is applied to packet filtering and QoS, matching goes from the bottom to the top, but when it is applied to VTY user filtering, matching goes from the top down.
3. In either auto mode or config mode, the ACL rules sent to the port are matched from the bottom to the top.
4. When a packet matches several rules in one ACL at the same time, the longest match takes precedence.
Packet filter ACL example:
Deny network access for PC 10.10.10.145
Allow network access for 10.10.10.0/24
Allow network access for 192.168.0.0/16
Deny all other IP

Method 1 for configuration of Huawei ACL
Configure the ACL (the rules must be entered strictly in this order):
acl number 3000 match-order config
rule deny ip
rule permit ip source 192.168.0.0 0.0.255.255
rule permit ip source 10.10.10.0 0.0.0.255
rule deny ip source 10.10.10.145 0
Apply the ACL to the port:
interface Ethernet 1/0/1
packet-filter inbound ip-group 3000
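A way to check the rule order before applying it to a port, as an added example that is not part of the original post: this Python sketch models only the bottom-to-top matching described in points 2 and 3, using the four rules of ACL 3000 written out in full. The function names `parse_rule` and `verdict` and the sample source addresses are assumptions made for illustration, and the switch's own implementation is not reproduced here.

```python
import ipaddress

# ACL 3000 exactly as entered in the post (config mode keeps this order).
ACL_3000 = """\
rule deny ip
rule permit ip source 192.168.0.0 0.0.255.255
rule permit ip source 10.10.10.0 0.0.0.255
rule deny ip source 10.10.10.145 0
"""

def parse_rule(line):
    """Turn one 'rule ...' line into (action, IPv4Network)."""
    parts = line.split()
    action = parts[1]
    if "source" not in parts:            # no source given: matches every address
        return action, ipaddress.ip_network("0.0.0.0/0")
    i = parts.index("source")
    addr, wildcard = parts[i + 1], parts[i + 2]
    # The wildcard is an inverted mask; a bare "0" means "this host only".
    wc = int(wildcard) if wildcard.isdigit() else int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):                    # only contiguous wildcards are modelled
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    prefix = 32 - wc.bit_length()
    return action, ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def verdict(acl_text, src, bottom_up=True):
    """Return the action of the first rule hit, scanning in the given direction."""
    rules = [parse_rule(l) for l in acl_text.splitlines() if l.strip()]
    if bottom_up:                        # packet filter / QoS order per the post
        rules.reverse()
    ip = ipaddress.ip_address(src)
    for action, net in rules:
        if ip in net:
            return action
    return "no-match"

if __name__ == "__main__":
    # Constructed sample sources covering each line of the policy.
    for src in ("10.10.10.145", "10.10.10.7", "192.168.5.5", "8.8.8.8"):
        print(src, verdict(ACL_3000, src), verdict(ACL_3000, src, bottom_up=False))
```

Scanned top-down (the VTY order from point 2), the same list denies every source because `rule deny ip` is hit first, which is why the post insists on the entry order.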

