How to replace an ACL that uses the established keyword when an AR router is replaced with a device of competitor C

Processing procedure: On competitor C's devices, the permit tcp any any established command permits TCP response packets.
A TCP response packet must have the ACK flag bit or the RST flag bit set.
On an AR router, the traffic-filter command configures ACL-based packet filtering on an interface.
If a packet matches a rule whose action is deny, the packet is discarded directly.
If a packet matches a rule whose action is permit, the packet is forwarded.
If a packet does not match any rule, the packet is forwarded, so the ACL must end with an explicit deny rule to discard all other packets.
The configuration on the AR router is as follows:
[Huawei] acl 3000
[Huawei-acl-adv-3000] rule 5 permit tcp tcp-flag ack
[Huawei-acl-adv-3000] rule 10 permit tcp tcp-flag rst
[Huawei-acl-adv-3000] rule 15 deny
[Huawei-acl-adv-3000] quit
[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] traffic-filter inbound acl 3000

The key to the solution is understanding what the established keyword means in the ACL.
A competitor's commands can be replaced with equivalent commands only after their functions are correctly understood (by consulting the competitor's manual).
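
The following is an added example, not part of the original article or of any vendor's code. It models ACL 3000 for TCP packets and checks it against the established semantics described above, with and without rule 15. The function names and sample packets are constructed for illustration, and it assumes the competitor ACL discards everything that the established line does not permit.

```python
# Added example: models ACL 3000 from the page for TCP packets only.
# TCP header flag bits (RFC 9293).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# (rule-id, action, flag that must be set; None = match every packet)
ACL_3000 = [
    (5, "permit", ACK),    # rule 5 permit tcp tcp-flag ack
    (10, "permit", RST),   # rule 10 permit tcp tcp-flag rst
    (15, "deny", None),    # rule 15 deny
]

# Constructed sample packets: name -> TCP flags byte.
SAMPLES = {
    "SYN (new inbound connection)": SYN,
    "SYN+ACK (handshake reply)": SYN | ACK,
    "ACK (data/ack in a session)": ACK,
    "FIN+ACK (session close)": FIN | ACK,
    "RST (reset)": RST,
}

def established(flags):
    """Competitor C semantics per the page: ACK or RST bit set.
    This is a check on header flags only, not on tracked session state."""
    return bool(flags & (ACK | RST))

def traffic_filter(acl, flags):
    """First matching rule wins; a packet matching no rule is forwarded."""
    for rule_id, action, flag in sorted(acl, key=lambda r: r[0]):
        if flag is None or flags & flag:
            return action, rule_id
    return "permit", None

def compare(acl):
    """Return names of samples where the ACL disagrees with 'established'."""
    mismatches = []
    for name, flags in SAMPLES.items():
        action, _ = traffic_filter(acl, flags)
        if (action == "permit") != established(flags):
            mismatches.append(name)
    return mismatches

if __name__ == "__main__":
    for name, flags in SAMPLES.items():
        print(f"{name:32} -> {traffic_filter(ACL_3000, flags)}")
    print("mismatches with rule 15:", compare(ACL_3000))
    print("mismatches without rule 15:", compare(ACL_3000[:2]))
```

Without rule 15, the SYN-only packet matches no rule and is forwarded, which is why the trailing deny is required for equivalence.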
