ZXR10 2900E Series Command Reference
4.13.40 ingress-acl global rule type-ip
Purpose
This command sets the rule that the global ingress ACL matches the IPv4 packet.
Command Mode
Global ingress ACL configuration mode
Syntax
rule
<
1-500
>{
permit
|
deny
}
port
{<
1-28
>|
any
}
ip
{<
source-ipaddr
><
sip-mask
>|
any
}{<
destinat
ion-ipaddr
><
dip-mask
>|
any
}[
dscp
<
0-63
>][
fragment
][
cos
<
0-7
>][<
vlan-id
>[<
vlan-mask
>]][<
s
ource-mac
><
smac-mask
>|
any
][<
dest-mac
><
dmac-mask
>|
any
]
Parameter Description
Parameter
Description
<
1-16
>
Global rule number.
permit
If the condition matches, access is permitted.
deny
If the condition matches, access is denied.
<
1-28
>
Binds the global rule to a port. Different devices have different
port number ranges. In the syntax, the 2928E device is used as
an example.
any
(first)
Binds the global rule to all ports.
ip
This rule only matches IP packet. The non-IP packet ignores this
rule.
<
source-ipaddr
>
IP address of the source network or host transmitting packets. It is
a 32-bit IP address expressed in dotted decimal notation.
<
sip-mask
>
Source mask used for sources. It is a 32-bit IP address expressed
in dotted decimal notation.
any
(second)
The any keyword is used as the abbreviation of the destination
0.0.0.0 and the destination mask 0.0.0.0.
<
destination-ipaddr
>
Destination network or host of the transmitted packet. It is a 32-bit
IP address expressed in dotted decimal notation.
<
dip-mask
>
Destination mask used for destination. It is a 32-bit IP address
expressed in dotted decimal notation.
any
(third)
The any keyword is used as the abbreviation of the destination
0.0.0.0 and the destination mask 0.0.0.0.
4-250
SJ-20130731155059-003|2013-11-27 (R1.0)
ZTE Proprietary and Confidential