How to configure and delete an advanced ACL on the AR

Configure and delete the advanced ACL on the AR
An advanced ACL can define rules based on the source IP address of IPv4 packets, destination IP addresses, IP priority, Type of Service (ToS), DiffServ Code Point (DSCP), IP protocol type, Internet Control Message Protocol (ICMP) type, TCP source and destination ports, and User Datagram Protocol (UDP) source and destination ports. Advanced IPv4 ACLs are short for advanced ACLs. The number ranges from 3000 to 3999.
Command: rule [ rule-id ] { deny | permit } { protocol-number | icmp |tcp|udp| GRE|IGMP|IPINIP|OSPF} [ destination { destination-address destination-wildcard | any } | icmp-type { icmp-name | icmp-type icmp-code } | source { source-address source-wildcard | any } | logging | time-range time-name | vpn-instance vpn-instance-name | [ dscp dscp | [ tos tos | precedence precedence ] * ] | [ fragment | none-first-fragment ] ] descriptions of part numbers
rule-id: The value is an integer that ranges from 0 to 4294967294. The device automatically generates a rule ID starting from the step value. By default, the step value is 5. That is, the rule ID starts from 5 and subsequent rule IDs are multiples of 5, that is, 5, 10, 15, and so on.
The specified rule-id is valid only when the configuration mode is used. In automatic mode, the device automatically allocates a rule ID based on the depth-first algorithm.
deny: rejects the packets that meet conditions.
permit: permits the packets that meet conditions.
protocol-number: indicates the protocol type that is expressed in name or number. The value is an integer that ranges from 1 to 255. If the value is expressed in name, it can be gre, icmp, igmp, ip, ipinip, ospf, tcp, or udp. The value icmp corresponds to 1, tcp corresponds to 6, udp corresponds to 17, gre corresponds to 47, igmp corresponds to 2, ipinip corresponds to 4, and ospf corresponds to 89.
The destination address is in dotted decimal notation. The wildcard of the destination IP address can be 0, which is equivalent to 0.0.0.0, indicating that the destination IP address is a host address.
The wildcard is in dotted decimal notation. When the wildcard is converted to a binary value, the value 0 indicates that the bit is matched and the value 1 indicates that the bit is not matched. The value 0 or l of a binary value can be incontiguous. For example, the IP address is 192.168.1.169 and the wildcard is 0.0.0.172, representing that the network address is 192.168.1.x0x0xx01. The value of x can be 0 or 1.
For example, add a rule to ACL 3001 to match the packets with source UDP port 128 from 129.9.8.0 to 202.38.160.0.
<Huawei> system-view
[Huawei] acl 3001
[Huawei-acl-adv-3001] rule permit udp source 129.9.8.0 0.0.0.255 destination 202.38.160.0 0.0.0.255 destination-port eq 128
Delete a rule from ACL 3000.
<Huawei> system-view
[Huawei] acl 3000 
[Huawei-acl-adv-3000] undo rule 1

Scroll to top