Web-based Configuration Guide

AR650, AR1600, and AR6100 V300R003

This document describes how to configure and maintain your routers using the web platform.
Advanced ACL Setting

Context

After advanced ACL rules are configured, routers classify IPv4 or IPv6 packets based on information such as source IP addresses, destination IP addresses, source port numbers, destination port numbers, protocols, priorities, and time ranges in the packets.

Procedure

  • Creating an advanced ACL rule
    1. Access the Advanced ACL Setting tab page.

      Log in to the web platform and choose Security > ACL > Advanced ACL Setting, as shown in Figure 14-4.
      Figure 14-4  Advanced ACL Setting

    2. Click Create in the Advanced ACL Setting List area. Enter an ACL rule name in the Create Advanced ACL Setting dialog box, as shown in Figure 14-5. To create an advanced ACL4 rule, click IPv4; to create an advanced ACL6 rule, click IPv6.

      Figure 14-5  Create Advanced ACL Setting

      NOTE:

      The value of ACL name is a string of 1 to 32 characters without spaces or question marks (?) and must start with a letter.

    3. Click OK.
    4. Click Add rules to add advanced ACL rules. You can add advanced ACL rules in either of the following ways:

      • In the ACL rule list
        1. Set parameters in the ACL rule list, as shown in Figure 14-6. Table 14-2 describes the parameters.

          Figure 14-6  ACL rule list

        2. Click [icon]. To delete an advanced ACL rule, click [icon].
      • In the Add Rules dialog box
        1. Click Advanced and set parameters in the Add Rules dialog box, as shown in Figure 14-7 and Figure 14-8. Table 14-2 describes the parameters.

          Figure 14-7  Add IPv4 ACL Rules

          Figure 14-8  Add IPv6 ACL Rules

        2. Click OK. To delete an advanced ACL rule, click [icon].
      Table 14-2  Advanced ACL rule parameters

      Parameter
        Description

      Rule number
        ACL rule number.

        NOTE:

        If you do not specify a rule number, the system allocates a number for the rule. The rule number cannot be changed.

      Action
        Whether to permit or deny packets.

      Protocol Type
        Advanced ACL4 rules support the following protocols:
        • ICMP (1)

          When this parameter is set to ICMP(1), set the ICMP parameter, whose value is in the format ICMP message type/message code.

        • IGMP (2)
        • GRE (47)
        • IP
        • IPINIP (4)
        • OSPF (89)
        • TCP (6)
        • UDP (17)
        • User-defined type

        Advanced ACL6 rules support the following protocols:
        • GRE (47)
        • ICMPV6 (58)

          When this parameter is set to ICMPV6(58), set the ICMP parameter, whose value is in the format ICMP message type/message code.

        • IPV6
        • OSPF (89)
        • TCP (6)
        • UDP (17)
        • User-defined type

        NOTE:

        The value of User-defined type is valid only in the Add Rules dialog box.

        When this parameter is set to User-defined type, enter a protocol number in the User-defined parameter text box.

      Matched priority
        An advanced ACL4 rule can match the following types of priorities:
        • Differentiated services code point (DSCP) priority

          The ACL rule filters packets based on the DSCP value. Enter a DSCP priority in the text box displayed after you select DSCP priority.

        • IP priority

          The ACL rule filters packets based on the IP priority field. Enter an IP priority in the text box displayed after you select IP priority.

        An advanced ACL6 rule can match the following types of priorities:
        • Differentiated services code point (DSCP) priority

          The ACL rule filters packets based on the DSCP value. Enter a DSCP priority in the text box displayed after you select DSCP priority.

        • IP priority

          The ACL rule filters packets based on the IP priority field. Enter an IP priority in the text box displayed after you select IP priority.

        • Type of service (ToS) priority

          The ACL rule filters packets based on the ToS field. Enter a ToS priority in the text box displayed after you select ToS priority.

      ToS priority
        ToS priority based on which an advanced ACL4 rule filters packets.

      Source IP/Prefix Length(Wildcard)
        Source IP address of packets to be matched by the ACL rule.

        • When the ACL type is IPv4, enter the source IP address and wildcard, both in dotted decimal notation.

        • When the ACL type is IPv6, enter the source IP address and prefix length. The source IP address is in colon hexadecimal notation. The prefix length is an integer that ranges from 1 to 128.

      Wildcard
        Wildcard matching the source or destination IP address of packets to be matched by the ACL rule. The wildcard is in dotted decimal notation.

        Set this parameter only when the ACL type is IPv4.

      Subnet prefix length
        Length of the subnet prefix matching the source or destination IP address of packets to be matched by the ACL rule. The value is an integer that ranges from 1 to 128.

        Set this parameter only when the ACL type is IPv6.

      Source IP address
        Source IP address of packets to be matched by the ACL rule.

        • When the ACL type is IPv4, enter the source IP address in dotted decimal notation.

        • When the ACL type is IPv6, enter the source IP address in colon hexadecimal notation.

      Destination IP/Prefix Length(Wildcard)
        Destination IP address of packets to be matched by the ACL rule.

        • When the ACL type is IPv4, enter the destination IP address and wildcard, both in dotted decimal notation.

        • When the ACL type is IPv6, enter the destination IP address and prefix length. The destination IP address is in colon hexadecimal notation. The prefix length is an integer that ranges from 1 to 128.

        NOTE:

        If Destination IP/Prefix Length(Wildcard) is not specified, packets with any destination address match the ACL rule.

      Destination IP address
        Destination IP address of packets to be matched by the ACL rule.

        • When the ACL type is IPv4, the destination IP address is in dotted decimal notation.

        • When the ACL type is IPv6, the destination IP address is in colon hexadecimal notation.

      Source Port
        This parameter is valid only when the protocol is TCP or UDP. If this parameter is not specified, Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) packets with any source port are matched.

      Destination Port
        This parameter is valid only when the protocol is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any destination port are matched.

      Time range
        Name of a time range during which ACL rules take effect.

        NOTE:

        The time range name is displayed on the Time Range tab page.

        If this parameter is not specified, ACL rules are always valid.

  • Deleting an advanced ACL rule
    1. Access the Advanced ACL Setting tab page.

      Log in to the web platform and choose Security > ACL > Advanced ACL Setting.

    2. Click [icon] next to an advanced ACL rule.
    3. In the dialog box that is displayed, click OK.
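
The matching behaviour described in Table 14-2 (IPv4 wildcard, IPv6 prefix length, empty fields matching anything, ports applying only to TCP and UDP), together with the ACL name constraint, as an added Python example that is not Huawei code. Assumptions not stated on this page: wildcard bits set to 1 are ignored, rules are checked in ascending rule number with the first match deciding, and ports are exact values; the dictionary field names and sample addresses are constructed for illustration.

```python
import ipaddress
import re

# ACL name per the NOTE in step 2: 1-32 chars, starts with a letter, no space or '?'
ACL_NAME = re.compile(r"[A-Za-z][^ ?]{0,31}")

def valid_acl_name(name):
    return ACL_NAME.fullmatch(name) is not None

def addr_match(addr, spec):
    """spec: None (empty field = any), (ip, wildcard) for ACL4, (ip, prefix_len) for ACL6."""
    if spec is None:
        return True
    ip, mask = spec
    if isinstance(mask, int):                      # ACL6: prefix length 1-128
        net = ipaddress.IPv6Network((ip, mask), strict=False)
        return ipaddress.IPv6Address(addr) in net
    # ACL4 (assumed semantics): wildcard bits set to 1 are ignored, 0 bits must be equal
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, ip, mask))
    return (a | w) == (b | w)

def rule_matches(rule, pkt):
    proto = rule["protocol"]
    if proto not in ("ip", "ipv6") and proto != pkt["protocol"]:
        return False
    if not (addr_match(pkt["src"], rule.get("src"))
            and addr_match(pkt["dst"], rule.get("dst"))):
        return False
    if proto in ("tcp", "udp"):                    # ports are valid for TCP/UDP only
        for key in ("sport", "dport"):
            want = rule.get(key)                   # None = any port
            if want is not None and want != pkt.get(key):
                return False
    return True

def evaluate(rules, pkt):
    """Assumption: lowest rule number is checked first and the first match decides."""
    for rule in sorted(rules, key=lambda r: r["number"]):
        if rule_matches(rule, pkt):
            return rule["action"]
    return None                                    # no rule matched

# Constructed sample ACL4 rules using documentation address ranges
RULES = [
    {"number": 5, "action": "permit", "protocol": "tcp",
     "src": ("192.0.2.0", "0.0.0.255"), "dport": 443},
    {"number": 10, "action": "deny", "protocol": "ip",
     "src": ("192.0.2.0", "0.0.0.255")},
]
```

Running intended rules through `evaluate` before entering them in the Add Rules dialog box shows which rule a given packet would hit, including the case where an empty destination field makes a rule broader than intended.
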
Updated: 2019-04-12

Document ID: EDOC1100041803
