How do I control access through specific source or destination addresses?



You can configure access control lists (ACLs) to match source or destination addresses. For example, under the following configuration, the host at 10.1.1.1 can only access hosts on the 10.1.1.18/26 network segment.


[Huawei] acl 3000
[Huawei-acl-adv-3000] rule permit ip source 10.1.1.1 0 destination 10.1.1.18 0.0.0.63
[Huawei-acl-adv-3000] rule deny ip source 10.1.1.1 0

For configurations of other traffic classifiers, behaviors (actions set to permit), and policies, see Traffic Policy Configuration in the AR Configuration Guide - QoS.
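The following Python sketch is an added illustration, not part of the original answer or of Huawei's documentation. It evaluates the two rules above against constructed sample packets, showing that the wildcard 0.0.0.63 applied to 10.1.1.18 covers 10.1.1.0 through 10.1.1.63 and that the first matching rule decides. It assumes rules are checked in the order they were entered; the function names are hypothetical.

```python
import ipaddress

# The two rules from the configuration above, as typed at the CLI.
# Assumption: rules are evaluated in the order entered, first match wins.
RULES = [
    "rule permit ip source 10.1.1.1 0 destination 10.1.1.18 0.0.0.63",
    "rule deny ip source 10.1.1.1 0",
]

def to_int(text):
    # A bare "0" wildcard is shorthand for 0.0.0.0 (exact host match).
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))

def parse_rule(line):
    """Parse 'rule <permit|deny> ip [source A W] [destination A W]'."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "rule" or tok[1] not in ("permit", "deny") or tok[2] != "ip":
        raise ValueError("unsupported rule: " + line)
    rule = {"action": tok[1], "source": None, "destination": None}
    for i in range(3, len(tok), 3):
        if tok[i] not in ("source", "destination") or i + 2 >= len(tok):
            raise ValueError("unsupported rule: " + line)
        rule[tok[i]] = (to_int(tok[i + 1]), to_int(tok[i + 2]))
    return rule

def field_matches(field, addr):
    if field is None:  # field omitted in the rule: any address matches
        return True
    base, wildcard = field
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((to_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst):
    """Action of the first matching rule, or None when no rule matches."""
    for rule in map(parse_rule, rules):
        if field_matches(rule["source"], src) and field_matches(rule["destination"], dst):
            return rule["action"]
    return None

def matched_range(addr, wildcard):
    """First and last address covered by a contiguous wildcard."""
    base, wc = to_int(addr), to_int(wildcard)
    return (str(ipaddress.IPv4Address(base & ~wc & 0xFFFFFFFF)),
            str(ipaddress.IPv4Address(base | wc)))

if __name__ == "__main__":
    print(matched_range("10.1.1.18", "0.0.0.63"))  # destination range of the permit rule
    for dst in ("10.1.1.50", "10.1.1.64", "192.0.2.10"):  # constructed sample packets
        print("10.1.1.1 ->", dst, evaluate(RULES, "10.1.1.1", dst))
    print("10.1.1.2 -> 10.1.1.50", evaluate(RULES, "10.1.1.2", "10.1.1.50"))
```

A result of None means neither rule matched: this ACL says nothing about traffic from other sources, so how such packets are treated depends on the feature the ACL is bound to.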

Other related questions:
How to limit the specified source or destination address to access the network
You can configure an ACL to match the source or destination address. If the host with the source IP address 10.1.1.1 is required to access only hosts on network segment 10.1.1.18/26, the configuration is as follows: For details on how to configure traffic classifiers, behaviors (action is set to permit), and traffic policies, see MQC Configuration in AR CLI-based Configuration Guide - QoS.

Query of session entries with specified IP addresses
You can view session entries with specified source or destination IP addresses on the web UI or CLI. For the USG6000 series, on the web UI, choose Monitor > Session Table to view the session table. Then, click Advanced Search and enter the specified IP address in Source Address or Destination Address. For the USG2000&5000 series, on the web UI, choose Firewall > Monitor > Session Table to view the session table. Then, click Advanced Search, select Source or Destination from the IP Address drop-down list, and enter the specified IP address. For the USG2000&5000 and USG6000 series, you can run the display firewall session table source [ verbose ] { inside ip-address | global ip-address } or display firewall session table destination { inside ip-address | global ip-address } command to view session information about the specified source or destination IP address.

How to display the source and destination addresses of forwarded packets on S series switches
For S series switches (except the S1700), no command is available to display the source or destination addresses of the forwarded packets. If you want to obtain the addresses, use a tool to capture packets.
