Method used to configure the mask in the ACL on the AR

Masks in ACL rules configured on the AR series routers and S series switches are wildcard masks. The wildcard mask is also called wildcard and is in dotted decimal notation. When the wildcard is converted to a binary value, the value 0 indicates that the bit is matched and the value 1 indicates that the bit is not matched. The value 0 or l of a binary value can be incontiguous. For example, the IP address is 192.168.1.169 and the wildcard is 0.0.0.172, representing that the network address is 192.168.1.x0x0xx01. The value of x can be 0 or 1.
Example:  system-view
[Huawei] acl number 2000
[Huawei-acl-basic-2000] rule permit source 192.168.32.1 0 //Permit only a specific IP address, with the wildcard mask of 0.0.0.0 that is abbreviated as 0.
[Huawei-acl-basic-2000] rule permit source 192.168.32.0 0.0.0.255 //Permit a network segment (mask 255.255.255.0), with the wildcard mask of 0.0.0.255. The wildcard mask is used in an ACL.

Scroll to top