How to configure an ACL

Before configuring an ACL, familiarize yourself with the following information:

--An ACL is composed of a list of rules. Each rule contains a deny or permit clause. Rules may overlap or conflict, and one rule can contain another rule, but no two rules may be identical.
--By default, rules in an ACL are matched in the sequence in which they were configured. When the switch finds that a packet matches a rule, it stops the matching process; later rules are not evaluated for that packet.
--Rules in an ACL only classify packets. To have the switch act on packets that match deny or permit rules in an ACL, apply the ACL to a specific feature, such as a traffic policy or FTP. Different features process packets classified by ACLs in different ways. For details, see the configuration guides of the features.

The following is an ACL configuration example.
Create an advanced ACL numbered 3000 and add two rules to ACL 3000. The two rules deny all IP packets sent from hosts on network segment 192.168.1.0 and permit all IP packets sent from hosts on other network segments.
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule 5 deny ip source 192.168.1.0 0.0.0.255
[HUAWEI-acl-adv-3000] rule 15 permit ip
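The following added example is not part of the Huawei documentation; it is a small Python model of how ACL 3000 above is evaluated: Huawei-style wildcard masks (a 1 bit means "don't care"), rules tried in ascending rule-ID order, and the first matching rule deciding. It also shows the caveat that follows from first-match semantics: if the broad permit is given the lower rule ID, it shadows the deny and the intended block never takes effect. The Rule class and evaluate function are this example's own simplification, not the switch's implementation.

```python
# Added example (not from the Huawei page): first-match evaluation of an
# advanced ACL with Huawei-style wildcard masks, in a simplified model.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    rule_id: int                 # the number in "rule <id>"
    action: str                  # "permit" or "deny"
    protocol: str                # "ip" matches any IP protocol
    source: Optional[str] = None # "network wildcard", or None for any source


def _wildcard_match(addr: str, spec: str) -> bool:
    """True if addr matches 'network wildcard'; a 1 bit in the wildcard
    means that bit of the address is ignored, a 0 bit must match."""
    net, wildcard = spec.split()
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def evaluate(acl: List[Rule], src: str, protocol: str = "ip") -> str:
    """Try rules in ascending rule-ID order and stop at the first match,
    as the page describes. A packet that matches no rule returns
    'no-match'; what happens then depends on the feature the ACL is
    applied to, so this model only reports it."""
    for rule in sorted(acl, key=lambda r: r.rule_id):
        if rule.protocol != "ip" and rule.protocol != protocol:
            continue
        if rule.source is not None and not _wildcard_match(src, rule.source):
            continue
        return rule.action       # first match wins; later rules are skipped
    return "no-match"


# ACL 3000 from the page: deny 192.168.1.0/24 first, then permit everything.
ACL_3000 = [
    Rule(5, "deny", "ip", "192.168.1.0 0.0.0.255"),
    Rule(15, "permit", "ip"),
]

# Same rules with the IDs swapped: the broad permit now shadows the deny.
ACL_SHADOWED = [
    Rule(5, "permit", "ip"),
    Rule(15, "deny", "ip", "192.168.1.0 0.0.0.255"),
]

if __name__ == "__main__":
    for src in ("192.168.1.25", "10.0.0.9"):   # constructed sample sources
        print(src, evaluate(ACL_3000, src), evaluate(ACL_SHADOWED, src))
```

Running it prints deny/permit for 192.168.1.25 under ACL 3000 versus the shadowed ordering, which is the check to make when a deny rule seems to have no effect.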
