Configuration Guide - Security

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configuration of security features, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, separating the management plane from the service plane, and security risks.
ACL Fundamentals

An ACL manages all configured rules and provides the algorithm for matching packets.

ACL Rule Management

An ACL can contain multiple rules, each identified by a rule ID that can be set by a user or automatically generated based on the configured increment between ACL rule IDs. All rules in an ACL are arranged in ascending order of rule IDs.

The increment between automatically generated rule IDs is configurable. For example, if the increment is set to 5, automatically generated rules are numbered 5, 10, 15, and so on. If the increment is set to 2, the system automatically generates rule IDs starting from 2. The gaps that the increment leaves between rule IDs make it possible to add a new rule between existing rules.

ACL Rule Matching

When a packet reaches a device, the device retrieves information from the packet and matches it against conditions of all ACL rules. The first match determines whether the packet is permitted or denied, and then the device stops matching. If no match is found, the device does not process the packet.

ACL rules can be classified into permit rules and deny rules.

In summary, the ACL classifies packets into the following types:
  • Packets matching a permit rule
  • Packets matching a deny rule
  • Packets that do not match any rules

Different features process the three types of packets in different ways. For details, see the licensing requirements and limitations in the feature manuals.
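
The rule numbering and first-match behaviour described in the two sections above, modelled in Python as an added example (not Huawei code or device configuration). The `Acl` class, its method names and the sample addresses are constructed for illustration, and the rule that the next automatic ID is the next multiple of the increment above the highest existing ID is an assumption.

```python
import ipaddress

class Acl:
    """Toy ACL: rules evaluated in ascending rule-ID order, first match wins."""

    def __init__(self, increment=5):
        self.increment = increment
        self.rules = {}  # rule_id -> (action, source network)

    def add_rule(self, action, source, rule_id=None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be 'permit' or 'deny'")
        if rule_id is None:
            # Assumption: the automatic ID is the smallest multiple of the
            # increment that is above the highest existing rule ID.
            highest = max(self.rules, default=0)
            rule_id = (highest // self.increment + 1) * self.increment
        if rule_id in self.rules:
            raise ValueError(f"rule {rule_id} already exists")
        self.rules[rule_id] = (action, ipaddress.ip_network(source))
        return rule_id

    def match(self, src_ip):
        """Return (outcome, rule_id); outcome is 'permit', 'deny' or 'no-match'."""
        addr = ipaddress.ip_address(src_ip)
        for rule_id in sorted(self.rules):
            action, network = self.rules[rule_id]
            if addr in network:
                return action, rule_id  # first match: stop evaluating
        return "no-match", None  # handling is left to the feature using the ACL


def demo():
    acl = Acl(increment=5)
    ids = [acl.add_rule("permit", "10.1.0.0/16"),  # automatic ID 5
           acl.add_rule("deny", "10.0.0.0/8")]      # automatic ID 10
    before = acl.match("10.2.3.4")                  # caught by the broad deny
    # A manual ID in the gap places the exception ahead of rule 10.
    ids.append(acl.add_rule("permit", "10.2.0.0/16", rule_id=7))
    # Appended with an automatic ID, this deny sits behind rule 5 and is shadowed.
    ids.append(acl.add_rule("deny", "10.1.99.0/24"))
    probes = ("10.2.3.4", "10.1.99.7", "10.9.9.9", "198.51.100.1")
    return ids, before, {ip: acl.match(ip) for ip in probes}

if __name__ == "__main__":
    print(demo())
```

The shadowed deny is the case to check for when reviewing a rule set: a more specific rule only takes effect if its ID is lower than every broader rule that also matches.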

Updated: 2019-04-20

Document ID: EDOC1100074765
