Method 2 for configuration of Huawei ACL
Configure the ACL (the rules can be entered in any order)
acl num 3001 match auto
rule permit ip sour 10.10.10.0 0.0.0.255
rule den ip
rule deny ip sour 10.10.10.145 0
rule permit ip sour 192.168.0.0 0.0.255.255
Apply the ACL to the port
int e 1/0/2
pack in ip 3001 rule 0 (rule 0 must be applied, otherwise everything is denied)
pack in ip 3001
The resulting configuration output:
acl number 3000 (order 0123, following the configuration order)
rule 0 deny ip
rule 1 permit ip source 192.168.0.0 0.0.255.255
rule 2 permit ip source 10.10.10.0 0.0.0.255
rule 3 deny ip source 10.10.10.145 0
acl number 3001 match-order auto (order 3120, sorted by mask)
rule 3 deny ip source 10.10.10.145 0
rule 1 permit ip source 10.10.10.0 0.0.0.255
rule 2 permit ip source 192.168.0.0 0.0.255.255
rule 0 deny ip
#
vlan 1
#
interface Aux1/0/0
#
interface Ethernet1/0/1 (order 0123, the same as the ACL order)
packet-filter inbound ip-group 3000 rule 0
packet-filter inbound ip-group 3000 rule 1
packet-filter inbound ip-group 3000 rule 2
packet-filter inbound ip-group 3000 rule 3
#
interface Ethernet1/0/2 (order 0312, not the same as the ACL order)
packet-filter inbound ip-group 3001 rule 0
packet-filter inbound ip-group 3001 rule 3
packet-filter inbound ip-group 3001 rule 1
packet-filter inbound ip-group 3001 rule 2
#
ACLs used for user restriction and filtering behave as on Cisco: rules are compared from the top down, which is the standard behaviour, so it is not explained here.
In addition, notes on how ACLs are executed on different switches:
Most Quidway S series low-end switches apply ACL matching rules as "last issued, first effective", including the S3000-EI series, S3526E series, S3700 series, S5000 series and S5700 series; some devices apply ACL matching rules as "first issued, first effective", such as the S3552 series and S5100-EI series. In addition, ACL matching on S3526 series switches is depth first: the rule with the smallest address range has priority.
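The effect of issue order under the three matching behaviours described above can be checked with a small model. This is an added example, not code from the original post or from Huawei: rule numbers follow ACL 3001 as listed, the mode names and function names are invented here, and the model assumes the first matching rule in the effective order decides the packet.

```python
import ipaddress

# ACL 3001 rules as listed on this page: id -> (action, source, wildcard).
# A source of None stands for "rule 0 deny ip", which matches any source.
RULES = {
    0: ("deny", None, None),
    1: ("permit", "10.10.10.0", "0.0.0.255"),
    2: ("permit", "192.168.0.0", "0.0.255.255"),
    3: ("deny", "10.10.10.145", "0.0.0.0"),
}

def matches(rule_id, src):
    """True if src falls inside the rule's source/wildcard range."""
    _, net, wildcard = RULES[rule_id]
    if net is None:
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (int(ipaddress.IPv4Address(net)) & care)

def effective_order(issued, mode):
    """Order in which rules are compared (assumed model of the three behaviours)."""
    if mode == "first-issued-first":
        return list(issued)
    if mode == "last-issued-first":
        return list(reversed(issued))
    if mode == "depth-first":
        # Smallest address range first: fewest wildcard bits; "any" sorts last.
        def span(rid):
            wc = RULES[rid][2]
            return 33 if wc is None else bin(int(ipaddress.IPv4Address(wc))).count("1")
        return sorted(issued, key=span)
    raise ValueError(mode)

def verdict(src, issued, mode):
    """Action of the first rule that matches src, or None if no rule matches."""
    for rid in effective_order(issued, mode):
        if matches(rid, src):
            return RULES[rid][0]
    return None

if __name__ == "__main__":
    # Constructed sample sources, checked against the Ethernet1/0/2 issue order.
    for mode in ("last-issued-first", "first-issued-first", "depth-first"):
        for src in ("10.10.10.145", "10.10.10.5", "192.168.1.1", "172.16.0.1"):
            print(mode, src, verdict(src, [0, 3, 1, 2], mode))
```

Under this model, the Ethernet1/0/2 order 0, 3, 1, 2 on a last-issued-first-effective switch compares rule 1 before rule 3, so 10.10.10.145 is permitted; confirm the effective order on the actual device.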