ZXR10 2900E Series Command Reference
Command Mode
Hybrid ingress ACL configuration mode
Syntax
rule
<
1-500
>{
permit
|
deny
}
tcp
{<
source-ipaddr
><
sip-mask
>|
any
}[
source-port
<
0-65535
><
s
port-mask
>]{<
destination-ipaddr
><
dip-mask
>|
any
}[
dest-port
<
0-65535
><
dport-mask
>][
dscp
<
0-63
>][
fragment
][
cos
<
0-7
>][<
vlan-id
>[<
vlan-mask
>]][<
source-mac
><
smac-mask
>|
any
][<
de
st-mac
><
dmac- mask
>|
any
]
Parameter Description
Parameter
Description
<
1-500
>
Rule number.
permit
If the condition matches, access is permitted.
deny
If the condition matches, access is denied.
tcp
This rule is only valid for TCP packet. Other packets ignore this
rule.
<
source-ipaddr
>
IP address of the source network or host transmitting packets. It is
a 32-bit IP address expressed in dotted decimal notation.
<
sip-mask
>
Source mask and used for source. It is a 32-bit IP address
expressed in dotted decimal notation.
source-port
<
0-65535
>
TCP source port number of the transmitted packet
The parameters of source-port can resolve the some known port
numbers. Also the port number and mask can be directly inputted.
<
sport-mask
>
Source port mask.
any
(first)
The any keyword is used as the abbreviation of the source 0.0.0.0
and the source mask 0.0.0.0.
<
destination-ipaddr
>
Destination network or host of the transmitted packet. It is a 32-bit
IP address expressed in dotted decimal notation.
<
dip-mask
>
Destination mask used for destination. It is a 32-bit IP address
expressed in dotted decimal notation.
any
(second)
The any keyword is used as the abbreviation of the destination
0.0.0.0 and the destination mask 0.0.0.0
dest-port
<
0-65535
>
TCP destination port number of the transmitted packet
The parameters of dest-port can resolve the some known port
numbers. Also the port number and mask can be directly inputted.
<
dport-mask
>
Destination port mask.
4-236
SJ-20130731155059-003|2013-11-27 (R1.0)
ZTE Proprietary and Confidential