How to configure access control on the AR

AR series routers can implement access control through ACL filtering. Traffic filtering can be used on an interface to filter packets based on ACLs, but only WAN interfaces support this configuration. You can also configure a traffic policy to implement access control. Unidirectional access is implemented based on firewall zones but not ACLs.
Model 1:
Configure Eth2/0/0 to allow packet with the source IP address of 192.168.0.2/32 to pass through based on an ACL.
< system-view
[Huawei] acl 3000
[Huawei-acl-adv-3000] rule 5 permit ip source 192.168.0.2 0
[Huawei-acl-adv-3000] quit
[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] traffic-filter inbound acl 3000
Model 2: The method used to create the ACL is similar to that in mode 1. The difference is that the traffic policy is used.
< system-view
[Huawei] traffic classifier c1
[Huawei-classifier-c1] if-match acl  3000
[Huawei-classifier-c1] quit
[Huawei] traffic behavior b1
[Huawei-behavior-b1]permit
[Huawei-behavior-b1] quit
[Huawei] traffic policy p1
[Huawei-trafficpolicy-p1] classifier c1 behavior b1 
# Apply the traffic policy p1 to Eth2/0/0 in the inbound direction.
[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] traffic-policy p1 inbound
[Huawei-Ethernet2/0/0] quit

Scroll to top