ACL configuration on Huawei Router NE40E
Monday, April 13, 2009
Lately I was assigned to do some security configuration for our secure servers and networking equipment. Our technology is mostly from Huawei, so all our routers, firewalls, switches and other networking equipment are from Huawei. Basically the concept is the same as that of Cisco and Nortel, but the commands vary.
While performing the configuration, to my surprise the command used to configure ACLs on other Huawei routers didn't work on our newly bought NE40E router. That was because the router was bought recently and had the updated version V300R002_11 (the OS for Huawei routers).
I figured out a new way to do it, so I thought it would be useful for people if I shared it on my blog.
Routers usually need to process the data packets with certain features.
For example, an Access Control List (ACL) applied on a firewall can either permit data packets to pass the firewall or discard them directly. An ACL applied in IPSec encapsulates the data packets that match the ACL and forwards those that do not match it.
Routers select data packets by using a series of rules defined through an ACL.
An ACL is an ordered group of rules made up of rule { deny | permit } statements. The rules are described in terms of the source address, the destination address, and the port number of data packets. An ACL classifies data packets according to these rules.
Let's go with the syntax:
# create an acl
acl number
rule 1 permit source destination
rule 5 deny
# Now apply the acl to the interface
interface acl
**** That was the way on earlier Huawei routers; the steps below explain the new way. ****
Steps:
1. Create a traffic classifier
2. Create a traffic behaviour
3. Create a traffic policy
4. Define the traffic policy with classifier & behaviour
5. Apply the traffic policy to the router interface
Well, in the router series after Huawei Router NE40E, applying an ACL is a part of policy-based routing.
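The five steps above written out as one configuration, as an added example that is not from the original post. The ACL numbers, object names, interface and addresses (documentation ranges) are constructed, and the command forms follow the general Huawei VRP classifier/behaviour/policy syntax, so check them against the release you run.

```cfg
# Constructed example: only the admin subnet may reach the secure
# server over SSH; all other traffic to the server is dropped.

# ACLs used only to select traffic ("permit" here means "match")
acl number 3001
 rule 5 permit tcp source 192.0.2.0 0.0.0.255 destination 198.51.100.10 0 destination-port eq 22
acl number 3002
 rule 5 permit ip destination 198.51.100.10 0

# 1. Create the traffic classifiers
traffic classifier admin-ssh
 if-match acl 3001
traffic classifier server-any
 if-match acl 3002

# 2. Create the traffic behaviours
traffic behavior allow
 permit
traffic behavior drop
 deny

# 3. Create the traffic policy
# 4. Define it with classifier and behaviour pairs
#    (assumption: pairs are evaluated in the order they are bound,
#    so the SSH exception must come before the catch-all drop)
traffic policy protect-server
 classifier admin-ssh behavior allow
 classifier server-any behavior drop

# 5. Apply the traffic policy to the router interface
interface GigabitEthernet1/0/0
 traffic-policy protect-server inbound
```

Traffic that matches neither classifier is untouched by the policy, so the drop has to be written as an explicit catch-all for the server rather than relied on as an implicit default.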