Method used to configure the mask in the ACL on the AR

Masks in ACL rules configured on the AR series routers and S series switches are wildcard masks. The wildcard mask is also called wildcard and is in dotted decimal notation. When the wildcard is converted to a binary value, the value 0 indicates that the bit is matched and the value 1 indicates that the bit is not matched. The value 0 or l of a binary value can be incontiguous. For example, the IP address is and the wildcard is, representing that the network address is 192.168.1.x0x0xx01. The value of x can be 0 or 1.
Example:  system-view
[Huawei] acl number 2000
[Huawei-acl-basic-2000] rule permit source 0 //Permit only a specific IP address, with the wildcard mask of that is abbreviated as 0.
[Huawei-acl-basic-2000] rule permit source //Permit a network segment (mask, with the wildcard mask of The wildcard mask is used in an ACL.

Scroll to top