How to solve ACL problems on a Huawei switch
Here is some experience from daily maintenance on solving ACL problems on a Huawei switch:
Suppose an ACL policy is already in place, for example one that blocks 192.168.1.0 from reaching the 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0 segments:
rule 5 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule 10 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 15 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 20 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 25 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.6.0 0.0.0.128
Now a change in work requirements means that one host in 192.168.1.0, say 192.168.1.10, needs to reach a host in one of the blocked segments, say 192.168.6.215. So after the adjustment 1.10 and 6.215 must be able to exchange traffic.
Rebuilding the ACL from scratch is obviously not feasible, because what is applied to the port is the ACL as a whole, not an individual rule.
So you can only start from the original rules of ACL 3001. The steps are as follows:
1. First remove the inbound application of the ACL from the port. While 3001 is in use on the port, its rules cannot be changed.
2. Back up ACL 3001 and clear all of its rules. Put the permit entry at the front, then restore the original rules. The reason is that an ACL is matched top-down, so the permit must come before the deny rules.
If the first match is the deny in rule 25, then no matter how the permit is written the result is still a refusal. The adjusted order should therefore be:
rule 5 permit ip source 192.168.1.10 0 destination 192.168.6.215 0
rule 10 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule 15 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 20 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 25 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 30 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.6.0 0.0.0.128
3. Re-apply the ACL to the interface. Some points to note when applying it:
Traffic behavior: the difference between permit and deny
With behavior permit, traffic is released according to the rules in ACL 3001: what 3001 permits is allowed, and what 3001 denies is dropped.
But with behavior deny, it does not matter whether the matching rule in 3001 is permit or deny: all matched traffic is discarded without being forwarded.
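To check the two points above (first-match ordering in step 2, and how the traffic behavior combines with the ACL result) before touching a production port, here is a small first-match evaluator for the rule lines quoted in this post. It is an added example, not code from the post or from Huawei; it assumes the default VRP match order (ascending rule ID, first match wins), that a bare `0` wildcard means an exact host, and that traffic matching no rule is forwarded. The two rule sets are the ones quoted above; the `/24` variant and the "permit placed last" variant are constructed here to make the ordering point visible. One caveat it surfaces: a wildcard of 0.0.0.128, as written in rule 25, leaves only one bit of the last octet unchecked, so that rule covers only 192.168.6.0 and 192.168.6.128; a whole 192.168.6.0 segment needs 0.0.0.255.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Grammar of the advanced-ACL lines quoted in the post (source/destination plus wildcard).
RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+ip\s+"
    r"source\s+(?P<src>\S+)\s+(?P<swc>\S+)\s+"
    r"destination\s+(?P<dst>\S+)\s+(?P<dwc>\S+)\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str  # "permit" or "deny"
    src: int
    src_wc: int
    dst: int
    dst_wc: int


def _ip(token: str) -> int:
    # Assumption: a bare "0" is the host wildcard, shorthand for 0.0.0.0.
    return 0 if token == "0" else int(ipaddress.IPv4Address(token))


def parse_rules(text: str) -> List[Rule]:
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised rule line: {line!r}")
        rules.append(Rule(int(m["id"]), m["action"].lower(),
                          _ip(m["src"]), _ip(m["swc"]), _ip(m["dst"]), _ip(m["dwc"])))
    # Default (config) match order: ascending rule ID, first match wins.
    return sorted(rules, key=lambda r: r.rule_id)


def wildcard_match(addr: int, base: int, wildcard: int) -> bool:
    # A 1 bit in the wildcard is "don't care"; every 0 bit must equal the base address.
    care = ~wildcard & 0xFFFFFFFF
    return addr & care == base & care


def acl_lookup(rules: List[Rule], src: str, dst: str) -> Optional[Rule]:
    """Return the first rule (in ID order) that matches the src/dst pair, or None."""
    s, d = _ip(src), _ip(dst)
    for r in rules:
        if wildcard_match(s, r.src, r.src_wc) and wildcard_match(d, r.dst, r.dst_wc):
            return r
    return None


def filter_decision(rules: List[Rule], src: str, dst: str, behavior: str = "permit") -> str:
    """Combine the ACL result with the traffic behavior bound to it, as the post describes."""
    r = acl_lookup(rules, src, dst)
    if r is None:
        return "forward"  # assumption: unmatched traffic is not subject to the policy
    if behavior == "deny":
        return "drop"     # behavior deny: everything the ACL matched is dropped, permit rules included
    return "forward" if r.action == "permit" else "drop"


# The two rule sets quoted in the post.
ACL_ORIGINAL = """
rule 5 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule 10 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 15 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 20 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 25 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.6.0 0.0.0.128
"""
ACL_ADJUSTED = """
rule 5 permit ip source 192.168.1.10 0 destination 192.168.6.215 0
rule 10 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule 15 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
rule 20 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
rule 25 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
rule 30 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.6.0 0.0.0.128
"""
# Constructed variants (not from the post): rule 25 widened to a full /24, and the
# permit appended after the deny, which is the ordering mistake step 2 warns about.
ACL_ORIGINAL_FULL24 = ACL_ORIGINAL.replace("192.168.6.0 0.0.0.128", "192.168.6.0 0.0.0.255")
ACL_PERMIT_LAST = ACL_ORIGINAL_FULL24 + "rule 30 permit ip source 192.168.1.10 0 destination 192.168.6.215 0\n"

if __name__ == "__main__":
    for name, text in [("original", ACL_ORIGINAL), ("original /24", ACL_ORIGINAL_FULL24),
                       ("permit last", ACL_PERMIT_LAST), ("adjusted", ACL_ADJUSTED)]:
        rules = parse_rules(text)
        hit = acl_lookup(rules, "192.168.1.10", "192.168.6.215")
        print(f"{name:13s} 1.10 -> 6.215: rule {hit.rule_id if hit else '-':>3} "
              f"-> {filter_decision(rules, '192.168.1.10', '192.168.6.215')}")
```

Running it shows the post's point directly: with the permit appended after the deny, rule 25 is hit first and the host is still dropped; with the permit at rule 5 it is forwarded, while other 192.168.1.0 hosts are still denied by the following rules. Binding the same ACL under behavior deny drops the 1.10 to 6.215 traffic again even though rule 5 permits it.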
More information, please view: http://www.huanetwork.com