ACL configuration on Huawei Router NE40E

Monday, April 13, 2009

Lately, I was assigned to do some security configuration for our secure servers and networking equipment. Our technology is mostly from Huawei, so all our routers, firewalls, switches and other networking equipment are from Huawei. Basically the concept is the same as that of Cisco and Nortel, but yes, the commands vary.

Huawei Router NE40E

While performing the configuration, to my surprise, the command used to configure ACLs on other Huawei routers didn't work on our newly bought NE40E router. This was because the router was bought recently, so it had the updated Version-V300R002_11 (OS for Huawei router).

I figured out a new way to do it, so I thought it would be useful for people if I shared it on my blog.

Routers usually need to process the data packets with certain features.

For example, applying an Access Control List (ACL) on a firewall can either permit some data packets to pass the firewall or directly discard them. Applying ACLs in IPSec can encapsulate the data packets that match the ACL and forward those that do not match the ACL.

Routers select data packets by using a series of rules defined through an ACL.

An ACL includes an ordered group of rules that consist of rule { deny | permit } statements. The rules are described based on the source address, the destination address, and the port number of data packets. An ACL classifies data packets according to these rules.

Let's go with the syntax:

# create an acl
acl number
rule 1 permit source destination
rule 5 deny

# Now apply the acl to the interface
interface
acl

**** That was the way on earlier Huawei routers; the steps below explain the new way. ****

Steps:
1. Create a traffic classifier
2. Create a traffic behaviour
3. Create a traffic policy
4. Define the traffic policy with classifier & behaviour
5. Apply the traffic policy to the router interface

Well, in router series after the Huawei Router NE40E, applying an ACL is part of policy-based routing.
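The five steps above, written out as an added example (not configuration from the original post): it allows SSH from a management subnet to one server and drops everything else sent to that server. The addresses, ACL numbers, object names and interface are constructed for illustration, and the commands follow Huawei VRP's classifier/behavior/policy syntax, so check them against the command reference for your release.

```text
# Assumptions (all constructed): 192.0.2.0/24 = management subnet,
# 198.51.100.10 = protected server, GigabitEthernet1/0/0 = ingress port.
system-view

# ACLs only select traffic here (permit = "matches"); the allow/drop
# decision is made by the traffic behaviours further down.
acl number 3000
 rule 5 permit tcp source 192.0.2.0 0.0.0.255 destination 198.51.100.10 0 destination-port eq 22
 quit
acl number 3001
 rule 5 permit ip destination 198.51.100.10 0
 quit

# Step 1: traffic classifiers, one per ACL
traffic classifier c-mgmt-ssh
 if-match acl 3000
 quit
traffic classifier c-server-any
 if-match acl 3001
 quit

# Step 2: traffic behaviours
traffic behavior b-allow
 permit
 quit
traffic behavior b-drop
 deny
 quit

# Steps 3 and 4: traffic policy binding each classifier to a behaviour.
# The specific SSH class is configured before the catch-all class on the
# assumption that the pairs are evaluated in the order they are configured.
traffic policy p-protect-server
 classifier c-mgmt-ssh behavior b-allow
 classifier c-server-any behavior b-drop
 quit

# Step 5: apply the policy to the interface, inbound
interface GigabitEthernet1/0/0
 traffic-policy p-protect-server inbound
 quit

# Check the ACL rules that were entered
display acl 3000
```

Traffic that matches neither classifier is not touched by this policy, so anything that must be blocked needs its own classifier bound to the drop behaviour.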

