Configuration Guide - Security

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of Security, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, separating the management plane from the service plane, and security risks.
ACL Classification

There are different ways of classifying ACLs:

  • Classify ACLs according to the naming mode:
    • A numbered ACL is identified by a rule ID.
      NOTE:
      A rule ID is the identifier of the ACL. For example, ACLs with a rule ID in the range from 2000 to 2999 are basic ACLs, and ACLs with a rule ID in the range from 3000 to 3999 are advanced ACLs.
    • A named ACL is identified by a name.
  • Classify ACLs according to their function, as listed in Table 3-1.
    Table 3-1 ACL classification according to function

    | Category | IP Version | Function | Note |
    |---|---|---|---|
    | Basic ACL | IPv4 | A basic ACL matches packets based only on the source IP address, fragment flag, and time range. | A basic ACL is also called a basic IPv4 ACL. Basic ACLs can be numbered from 2000 to 2999. |
    | Advanced ACL | IPv4 | An advanced ACL matches packets based on the source IPv4 address, destination IPv4 address, IP precedence, IP protocol type, Internet Control Message Protocol (ICMP) type, TCP source/destination port, and User Datagram Protocol (UDP) source/destination port. | An advanced ACL is also called an advanced IPv4 ACL. Advanced ACLs can be numbered from 3000 to 3999. |
    | Layer 2 ACL | IPv4 and IPv6 | A Layer 2 ACL matches packets based on Layer 2 information in packets, such as source and destination MAC addresses, and Ethernet frame protocol number. | Layer 2 ACLs can be numbered from 4000 to 4999. |
    | User-defined ACL | IPv4 and IPv6 | A user-defined ACL matches certain contents in the packets according to the offset position and offset value. | User-defined ACLs can be numbered from 5000 to 5999. |
    | ARP-based ACL | IPv4 | An ARP-based ACL matches ARP packets based on the source/destination IP addresses and source/destination MAC addresses. | ARP-based ACLs can be numbered from 23000 to 23999. |
    | Basic ACL6 | IPv6 | A basic ACL6 matches packets based on the source IPv6 address, fragmentation flag, and time range. | A basic ACL6 is also called a basic IPv6 ACL. Basic ACL6s can be numbered from 2000 to 2999. |
    | Advanced ACL6 | IPv6 | An advanced ACL6 matches packets based on the source IPv6 address and destination IPv6 address of data packets, protocol type supported by IPv6, features of the protocol such as the source port number and destination port number, ICMPv6 protocol, and ICMPv6 code. | An advanced ACL6 is also called an advanced IPv6 ACL. Advanced ACL6s can be numbered from 3000 to 3999. |

    NOTE:
    A basic ACL and a basic ACL6 can use the same rule ID, as can an advanced ACL and an advanced ACL6.

Updated: 2019-04-20

Document ID: EDOC1100074765
