No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R011C10 Web-based Configuration Guide

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ACL

ACL

Access control lists (ACLs) are used to identify flows. A network device filters packets according to certain rules. It must identify packets first, and then permits or denies the packets according to the configured policy.

Interface ACL

You can apply an ACL to an interface to filter the packets received by the interface.

Context

You can configure ACL rules and apply the ACL to an interface to filter the packets received by the interface. The ACL rule configuration includes source and destination IP addresses, protocol type, source and destination port numbers.

Procedure

  • Query the ACL rules applied to interfaces.
    1. Click Configuration to display the Configuration page.
    2. Choose Security Services > ACL in the navigation tree to display the ACL page.
    3. Click the Interface ACL tab to display the Interface ACL page, as shown in Figure 5-88.

      Figure 5-88  Interface ACL

    4. Click the icon of the interface to which the ACL rules are applied. The ACL rule record is displayed in the ACL Rule List area, as shown in Figure 5-89.

      Figure 5-89  Querying ACL rules

  • Copy the ACL rules that have been applied to an interface to another interface.
    1. Click Configuration to display the Configuration page.
    2. Choose Security Services > ACL in the navigation tree to display the ACL page.
    3. Click the Interface ACL tab to display the Interface ACL page.
    4. Click the icon of the interface to which the ACL rules have been applied. Click Copy To to display the Copy To page, as shown in Figure 5-90.

      Figure 5-90  Copying ACL rules

    5. Select the target interface to which the ACL rules are copied. You can perform the following operations as required:

      • Click the icon of a single interface. Re-click the icon to deselect the interface.
      • Click the icons of multiple interfaces.
      • Drag the mouse to select multiple neighboring interfaces.
      • Click a device panel name and select all interfaces.

    6. Click OK.
  • Create ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Security Services > ACL in the navigation tree to display the ACL page.

    3. Click the Interface ACL tab to display the Interface ACL page.

    4. Click the icon of the interface to which the ACL rules need to be applied and create ACL rules.

      • If no record is displayed in the ACL Rule List area, click on the right of Operation or Add on the left of Ascend. A record of ACL Rule List is displayed in the ACL Rule List area. Set the ACL rule parameters.

      • If the existing ACL rule records are displayed in the ACL Rule List area, click on the right of Operation or Add on the left of Ascend or on the right of Delete. A new record of ACL Rule List is displayed in the ACL Rule List area. Set the ACL rule parameters, as shown in Figure 5-91.

        NOTE:

        If you click on the right of Operation or Add on the left of Ascend, a new record of ACL Rule List is inserted to the first line in the ACL Rule List area. If you click Add on the right of Delete, a new record of ACL Rule List is inserted below the current line in the ACL Rule List area.

        Figure 5-91  Creating ACL rules

        Table 5-44 describes the parameters for creating ACL rules.

        Table 5-44  Parameters for creating ACL rules

        Parameter

        Description

        Source IP address

        Indicates the source IP address. The default value is any, indicating that any source IP address can be specified.

        Mask of Source IP

        Indicates the mask of the source IP address. The default value is 0 (0.0.0.0).

        Destination IP address

        Indicates the destination IP address. The default value is any, indicating that any destination IP address can be specified.

        Mask of Destination IP

        Indicates the mask of the destination IP address. The default value is 0 (0.0.0.0).

        Protocol type

        Indicates the protocol type, including:
        • ip
        • tcp
        • udp
        • icmp
        The default protocol type is IP.

        Source Port Num

        Indicates the source port number.

        This parameter is valid only when the protocol type is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any source port are matched.

        Dest Port Num

        Indicates the destination port number.

        This parameter is valid only when the protocol type is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any destination port are matched.

        Action

        Indicating the action matching a packet, including:
        • permit
        • deny
        The default action is permit.

        Operation

        • Delete
        • Add
    5. Click Apply.

  • Edit ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Security Services > ACL in the navigation tree to display the ACL page.

    3. Click the Interface ACL tab to display the Interface ACL page.

    4. Click the icon of the interface to which the ACL rules have been applied and edit ACL rules.

      • Edit ACL rule entries.

        Modify the ACL rule parameters in the ACL Rule List area.

      • Adjust the ACL rule entry sequence.

        Select a record of ACL Rule List in the ACL Rule List area. Click Ascend or Descend to adjust the ACL rule entry sequence.

    5. Click Apply.

  • Delete ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Security Services > ACL in the navigation tree to display the ACL page.

    3. Click the Interface ACL tab to display the Interface ACL page.

    4. Click the icon of the interface to which the ACL rules have been applied. In the ACL Rule List area, click Delete next to the record to be deleted or select records and click Delete next to Descend to delete the ACL rules in batches.

    5. Click Apply.

VLAN ACL

You can apply an ACL to a VLAN to filter the VLAN packets.

Context

You can configure ACL rules and apply the ACL to a VLAN to filter the VLAN packets. The ACL rule configuration includes source and destination IP addresses, protocol type, source and destination port numbers.

Procedure

  • Query the ACL rules applied to VLANs.
    1. Click Configuration to display the Configuration page.
    2. Choose Security Services > ACL in the navigation tree to display the ACL page.
    3. Click the VLAN ACL tab to display the VLAN ACL page, as shown in Figure 5-92.

      Figure 5-92  VLAN ACL

    4. Select the ID of the VLAN to which the ACL rules are applied. The record is displayed in the ACL Rule List area, as shown in Figure 5-93.

      Figure 5-93  Querying ACL rules

  • Copy the ACL rules that have been applied to a VLAN to another VLAN.
    1. Click Configuration to display the Configuration page.
    2. Choose Security Services > ACL in the navigation tree to display the ACL page.
    3. Click the VLAN ACL tab to display the VLAN ACL page.
    4. Select the ID of the VLAN to which the ACL rules have been applied. Click Copy To to display the Copy To page, as shown in Figure 5-94.

      Figure 5-94  Copying ACL rules

    5. Enter the ID of the destination VLAN to which the ACL rule is applied, and click OK.
  • Create ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Security Services > ACL in the navigation tree to display the ACL page.

    3. Click the VLAN ACL tab to display the VLAN ACL page.

    4. Select the ID of the VLAN to which ACL rules need to be applied, and create the ACL rules.

      • If no record is displayed in the ACL Rule List area, click on the right of Operation or Add on the left of Ascend. A record of ACL Rule List is displayed in the ACL Rule List area. Set the ACL rule parameters.

      • If the existing ACL rule records are displayed in the ACL Rule List area, click on the right of Operation or Add on the left of Ascend or on the right of Delete. A new record of ACL Rule List is displayed in the ACL Rule List area. Set the ACL rule parameters, as shown in Figure 5-95.

        NOTE:

        If you click on the right of Operation or Add on the left of Ascend, a new record of ACL Rule List is inserted to the first line in the ACL Rule List area. If you click Add on the right of Delete, a new record of ACL Rule List is inserted below the current line in the ACL Rule List area.

        Figure 5-95  Creating ACL rules

        Table 5-45 describes the parameters for creating ACL rules.

        Table 5-45  Parameters for creating ACL rules

        Parameter

        Description

        Source IP address

        Indicates the source IP address. The default value is any, indicating that any source IP address can be specified.

        Mask of Source IP

        Indicates the mask of the source IP address. The default value is 0 (0.0.0.0).

        Destination IP address

        Indicates the destination IP address. The default value is any, indicating that any destination IP address can be specified.

        Mask of Destination IP

        Indicates the mask of the destination IP address. The default value is 0 (0.0.0.0).

        Protocol type

        Indicates the protocol type, including:
        • ip
        • tcp
        • udp
        • icmp
        The default protocol type is IP.

        Source Port Num

        Indicates the source port number.

        This parameter is valid only when the protocol type is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any source port are matched.

        Dest Port Num

        Indicates the destination port number.

        This parameter is valid only when the protocol type is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any destination port are matched.

        Action

        Indicating the action matching a packet, including:
        • permit
        • deny
        The default action is permit.

        Operation

        • Delete
        • Add
    5. Click Apply.

  • Edit ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Security Services > ACL in the navigation tree to display the ACL page.

    3. Click the VLAN ACL tab to display the VLAN ACL page.

    4. Select the ID of the VLAN to which ACL rules have been applied, and edit the ACL rules.

      • Edit ACL rule entries.

        Modify the ACL rule parameters in the ACL Rule List area.

      • Adjust the ACL rule entry sequence.

        Select a record of ACL Rule List in the ACL Rule List area. Click Ascend or Descend to adjust the ACL rule entry sequence.

    5. Click Apply.

  • Delete ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Security Services > ACL in the navigation tree to display the ACL page.

    3. Click the VLAN ACL tab to display the VLAN ACL page.

    4. Select the ID of the VLAN to which the ACL rules have been applied. In the ACL Rule List area, click Delete next to the record to be deleted or select records and click Delete next to Descend to delete the ACL rules in batches.

    5. Click Apply.

Translation
Download
Updated: 2019-09-23

Document ID: EDOC1000178031

Views: 33757

Downloads: 9

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next