Configuration Guide - Security

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configuration of security features, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, separating the management plane from the service plane, and security risks.
Licensing Requirements and Limitations for ACLs

Involved Network Elements

Other network elements are not required.

Licensing Requirements

ACL is a basic feature of a switch and is not under license control.

Version Requirements

Table 3-2 Products and minimum version supporting ACL

| Product Model | Minimum Version Required |
|---|---|
| CE8860EI | V100R006C00 |
| CE8861EI | V200R005C10 |
| CE8868EI | V200R005C10 |
| CE8850-32CQ-EI | V200R002C50 |
| CE8850-64CQ-EI | V200R005C00 |
| CE7850EI | V100R003C00 |
| CE7855EI | V200R001C00 |
| CE6810EI | V100R003C00 |
| CE6810-48S4Q-LI/CE6810-48S-LI | V100R003C10 |
| CE6810-32T16S4Q-LI/CE6810-24S2Q-LI | V100R005C10 |
| CE6850EI | V100R001C00 |
| CE6850-48S6Q-HI | V100R005C00 |
| CE6850-48T6Q-HI/CE6850U-HI/CE6851HI | V100R005C10 |
| CE6855HI | V200R001C00 |
| CE6856HI | V200R002C50 |
| CE6857EI | V200R005C10 |
| CE6860EI | V200R002C50 |
| CE6865EI | V200R005C00 |
| CE6870-24S6CQ-EI/CE6870-48S6CQ-EI | V200R001C00 |
| CE6870-48T6CQ-EI | V200R002C50 |
| CE6875EI | V200R003C00 |
| CE6880EI | V200R002C50 |
| CE5810EI | V100R002C00 |
| CE5850EI | V100R001C00 |
| CE5850HI | V100R003C00 |
| CE5855EI | V100R005C10 |
| CE5880EI | V200R005C10 |

Feature Limitations

When deploying ACLs on the switch, pay attention to the following:
  • Deleting an ACL validity time range makes some ACLs invalid. Perform this operation with caution.
  • On switches other than the CE5880EI, CE6870EI, CE6875EI, and CE6880EI, TRILL, FCoE, VXLAN, and services that use ACL rules to match the inner packets of tunnel-encapsulated traffic all consume UDF resources. When several of these services are used together and UDF resources are insufficient, adjust the services so that they can be delivered successfully.
  • In the VXLAN scenario on the CE6870EI and CE6875EI, when the destination port number of a UDP packet is 4789, an ACL rule cannot match the destination or source port number of that packet. In the non-VXLAN scenario on the CE6870EI and CE6875EI, when the destination port number of a UDP packet is 65535, an ACL rule cannot match the destination or source port number of that packet.
  • On the CE5880EI and CE6880EI, ACLs are not supported when the packet forwarding mode is set to Cut Through.
  • On the CE6810LI, when an L2 ACL rule is set to deny in the inbound direction of an interface, ping packets sent by the device are not discarded even if they match this rule.
Updated: 2019-04-20

Document ID: EDOC1100074765
