Adding ACL rules to policies on the USG2000&5000

ACLs
An ACL is an important means of data control on the device, and applies to packet filtering, Network Address Translation (NAT), IPSec, Quality of Service (QoS), and policy-based routing. The routing device defines a series of rules to filter packets and thereby determines which packets can pass through. These rules are defined by the ACL.

An ACL consists of a series of ordered rules containing permit and deny clauses. These rules cover source IP addresses, destination IP addresses, and port numbers of packets. The ACL classifies packets through these rules. After the rules are applied to the interface of a routing device, the device determines according to the ACL which packets are received and which are denied.

• Basic ACL: controls packets based on source IP addresses.
• Advanced ACL: controls packets based on source IP addresses, destination IP addresses, source ports, destination ports, and protocols.
• MAC address-based ACL: controls packets or Ethernet frames based on source MAC addresses, destination MAC addresses, and types and priorities of data frames.
How to apply these ACLs to policies?

The following part uses an example to describe how to add ACL rules to a policy.

For example:

1. Add an ACL rule.

acl number 2001
rule 0 permit source 192.168.1.0 0.0.0.255
#

2. Reference the ACL in a route policy.

route-policy CMD permit node 10
if-match acl 2001
#

In the preceding configuration, access control is based on source addresses. After the ACL is referenced by the route policy, forwarding is performed only when the rule condition is met.
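To make the matching semantics of the configuration above concrete, here is an added Python model (illustration code written for this page, not Huawei VRP's implementation) of a basic ACL in the `rule <n> permit|deny source <addr> <wildcard>` form and of the single `permit node 10` / `if-match acl 2001` route policy. Two points it makes visible: the second address is a wildcard (inverse) mask, so `0.0.0.255` means the last octet is not checked and `rule 0` covers 192.168.1.0 to 192.168.1.255; and rules are tried in order with first match winning, so a packet that matches no rule gets no ACL verdict at all and the `permit` node then does not match, which rejects the route. The deny-before-permit ACL in `ACL_CONSTRUCTED` is a constructed example, and the single-node route-policy model is an assumption of this code.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Configuration text taken from the page's example.
ACL_2001 = """acl number 2001
rule 0 permit source 192.168.1.0 0.0.0.255
#"""

# Constructed example (not from the page): a host-specific deny listed before
# a subnet-wide permit. "0" is VRP's shorthand for the wildcard 0.0.0.0.
ACL_CONSTRUCTED = """acl number 2002
rule 5 deny source 192.168.1.100 0
rule 10 permit source 192.168.1.0 0.0.0.255
#"""


@dataclass
class Rule:
    number: int
    action: str      # "permit" or "deny"
    source: int      # source address as a 32-bit integer
    wildcard: int    # wildcard mask: 0 bits must match, 1 bits are don't-care

    def matches(self, addr: str) -> bool:
        """True when every bit that is 0 in the wildcard equals the rule's source bit."""
        ip = int(ipaddress.IPv4Address(addr))
        care = 0xFFFFFFFF ^ self.wildcard       # bits the rule actually compares
        return (ip & care) == (self.source & care)


def _parse_wildcard(token: str) -> int:
    # Accept both the dotted form (0.0.0.255) and the "0" shorthand for an exact host.
    if token == "0":
        return 0
    return int(ipaddress.IPv4Address(token))


def parse_rule(line: str) -> Rule:
    """Parse one line such as 'rule 0 permit source 192.168.1.0 0.0.0.255'."""
    parts = line.split()
    if len(parts) != 6 or parts[0] != "rule" or parts[3] != "source":
        raise ValueError(f"unsupported rule syntax: {line!r}")
    action = parts[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r} in {line!r}")
    return Rule(
        number=int(parts[1]),
        action=action,
        source=int(ipaddress.IPv4Address(parts[4])),
        wildcard=_parse_wildcard(parts[5]),
    )


def parse_acl(config: str) -> List[Rule]:
    """Collect the rule lines of an ACL block, keeping configuration order."""
    return [parse_rule(ln.strip()) for ln in config.splitlines()
            if ln.strip().startswith("rule ")]


def evaluate(rules: List[Rule], addr: str) -> Tuple[str, Optional[int]]:
    """First-match evaluation. Returns (action, rule number), or ('no-match', None)
    when no rule applies, since the ACL itself gives no verdict in that case."""
    for rule in rules:
        if rule.matches(addr):
            return rule.action, rule.number
    return "no-match", None


def route_policy_permits(rules: List[Rule], addr: str) -> bool:
    """Assumed model of 'route-policy CMD permit node 10 / if-match acl 2001':
    the only node is a permit node whose if-match succeeds when the ACL permits
    the address; a route that matches no node is rejected by the route policy."""
    action, _ = evaluate(rules, addr)
    return action == "permit"


if __name__ == "__main__":
    rules = parse_acl(ACL_2001)
    for host in ("192.168.1.77", "192.168.2.1"):
        print(host, evaluate(rules, host), "route-policy permits:",
              route_policy_permits(rules, host))
    rules2 = parse_acl(ACL_CONSTRUCTED)
    for host in ("192.168.1.100", "192.168.1.101"):
        print(host, evaluate(rules2, host))
```

Running it shows 192.168.1.77 permitted by rule 0 and 192.168.2.1 reaching no rule, so the route policy rejects it; in the constructed ACL, 192.168.1.100 hits the deny in rule 5 before the broader permit is considered, which is why rule order matters when a specific deny and a general permit overlap.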
