No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ACL Classification

ACL Classification

Based on ACL Naming Methods

ACLs are classified into:

  • Numbered ACL: This is the traditional naming method. After an ACL is created, a unique number is specified for the ACL.

  • Named ACL: An ACL is identified by a name.

You can specify a number for a created ACL. Different types of ACLs have different number ranges, as described in Table 5-1. You can also specify a name for the created ACL to help you remember the ACL's purpose. A named ACL consists of a name and number. That is, you can specify an ACL number when you define an ACL name. If you do not specify a number for a numbered ACL, the device automatically allocates a number to it.

NOTE:

The name of a named ACL cannot be modified. Deleting an ACL name will delete the ACL.

Repeated ACL names can only be used between basic ACL and basic ACL6, and between advanced ACL and advanced ACL6.

Based on IP Protocol Versions

ACLs are classified into:

  • ACL4: filters IPv4 packets. It is also called ACL.

  • ACL6: filters IPv6 packets. It is also called IPv6 ACL.

In this document, ACL refers to ACL4, ACL6, and the ACL supporting both IPv4 and IPv6 packet filtering. Table 5-1 describes how each type of ACLs supports IPv4 and IPv6 packets.

Based on ACL Rule Definition Methods

Table 5-1 describes the ACLs based on rule definition methods.

Table 5-1  ACL classification based on ACL rule definition methods

Category

IP Version

Rule Definition Description

Number Range

Basic ACL

IPv4

Defines rules based on source IP addresses, fragmentation information, and time ranges.

2000-2999

Advanced ACL

IPv4

Defines rules based on source IPv4 addresses, destination IPv4 addresses, IPv4 protocol types, ICMP types, TCP source/destination port numbers, UDP source/destination port numbers, and time ranges.

3000-3999

Layer 2 ACL

IPv4&IPv6

Defines rules based on information in Ethernet frame headers of packets, such as the source MAC addresses, destination MAC addresses, and Layer 2 protocol types.

4000-4999

User ACL

IPv4

Defines rules based on source IPv4 addresses/destination IPv4 addresses, IPv4 protocol types, ICMP types, TCP source/destination port numbers, and UDP source/destination port numbers.

6000-6031

Basic ACL6

IPv6

Defines rules based on source IPv6 addresses, fragmentation information, and time ranges.

2000-2999

Advanced ACL6

IPv6

Defines rules based on source IPv6 addresses, destination IPv6 addresses, IPv6 protocol types, ICMPv6 types, TCP source/destination port numbers, UDP source/destination ports, and time ranges.

3000-3999

Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100034077

Views: 125550

Downloads: 230

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next