How to replace an ACL that carries the keyword established if an AR router is replaced with a device of competitor C

0

Processing procedure: The permit tcp any any established command of competitor C is used to allow TCP response packets to be released.
A TCP response packet must contain the ACK label bit or RST label bit.
On an AR router, the traffic-filter command is used to configure an ACL-based packet filtering function on an interface.
If the action for packets that match a rule is deny, the packets are discarded directly.
If the action for packets that match a rule is permit, the packets are released.
If the packets do not match any rule, the packets are released.
Configuration on the AR router is as follows:
system-view
[Huawei] acl 3000
[Huawei-acl-adv-3000] rule 5 permit tcp tcp-flag ack
[Huawei-acl-adv-3000] rule 10 permit tcp tcp-flag rst
[Huawei-acl-adv-3000] rule 15 deny
[Huawei-acl-adv-3000] quit
[Huawei] interface ethernet 2/0/0
[Huawei-Ethernet2/0/0] traffic-filter inbound acl 3000

Solution:
The key of the solution is the meaning of the keyword established in the ACL.
Equivalent commands can be replaced correctly only after the implementation functions of the commands of the competitor are correctly understood (by querying the competitor manual).

Other related questions:
Change the SSID on AR routers
SSIDs identify different wireless networks. When you search for available wireless networks on your laptop, the displayed wireless network names are SSIDs. Assume that you change the SSID of service set hw to company. When the AR router functions as the WLAN AP, the procedure for reconfiguring the SSID is as follows: When the AR router functions as the WLAN AC, the procedure for reconfiguring the SSID is as follows: [Router]wlan ac //Enter the WLAN view. [Router-wlan-view]service-set name hw //Enter the service set view. [Router-wlan-service-set-hw]undo ssid //Delete the original SSID. [Router-wlan-service-set-hw]ssid company //Reconfigure the SSID. [Router-wlan-service-set-hw]quit //Return to the WLAN view. [Router-wlan-view]commit all //Commit the configuration so that the modified content can be delivered to the Fit AP. Warning: If the system displays the message indicating that the SSID is in use and cannot be changed, you need to unbind the service set to change the SSID.

Common configuration commands of S series switches for Ethernet features of other vendors
The followings are common configuration commands of S series switches (except the S1700) for Ethernet features of other vendors: 1. Configure the STP mode. [HUAWEI] stp mode stp 2. Disable MAC address learning - Disable MAC address learning on an interface. [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] mac-address learning disable - Disable MAC address learning on a VLAN [HUAWEI] vlan 2 [HUAWEI-vlan2] mac-address learning disable 3. Configure a blackhole MAC address. [HUAWEI] vlan batch 5 [HUAWEI] mac-address blackhole 0004-0004-0004 vlan 5 For other configuration commands, refer to Common Operation Guide.

Will the configuration of an AR router be lost after the SRU is replaced
The configuration file of an AR router is stored in the storage medium of the SRU. For a single-control router, the configuration of a router is subject to the new SRU. For a dual-control router, the router automatically copies the configuration file to the standby SRU after the active SRU is switched over to the standby SRU.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top