Here is the step-by-step configuration for implementing access lists (ACLs) on Huawei routers such as the NetEngine series, using the ip-pool and source-pool for simplicity and convenience.
1. Create ip-pool and source-pool
acl ip-pool allowed_ip
ip address 192.168.0.0 0.0.0.255
acl port-pool allowed_port
eq 22
2. Create ACL
acl number 88
description ACL88
rule 10 permit tcp source-pool allowed_ip destination-port-pool allowed_port
rule 20 deny tcp destination-port-pool allowed_port
rule 30 permit ip
3. Create traffic policy and apply ACL
traffic classifier ACL88 operator or
if-match acl 88 precedence 1
interface GigabitEthernet1/1/1
traffic-policy ACL88 outbound
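To see which rule of ACL 88 decides the fate of a given packet, the following added example (not part of the original post) parses the rule lines above and evaluates packets against them, assuming rules are checked in ascending rule-ID order and the first match decides. The Python function names and the sample packets are constructed for illustration.

```python
import ipaddress
import re

# Pools and rules copied from the configuration above.
IP_POOLS = {"allowed_ip": [("192.168.0.0", "0.0.0.255")]}
PORT_POOLS = {"allowed_port": [22]}
ACL_TEXT = """\
rule 10 permit tcp source-pool allowed_ip destination-port-pool allowed_port
rule 20 deny tcp destination-port-pool allowed_port
rule 30 permit ip
"""

RULE_RE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny) (?P<proto>\w+)"
    r"(?: source-pool (?P<src>\S+))?"
    r"(?: destination-port-pool (?P<dport>\S+))?$"
)

def parse_rules(text):
    """Parse rule lines into dicts, sorted by rule ID (assumed evaluation order)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append({**m.groupdict(), "id": int(m["id"])})
    return sorted(rules, key=lambda r: r["id"])

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def evaluate(rules, proto, src, dport=None):
    """Return (rule_id, action) of the first matching rule, or None if none match."""
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue  # "ip" matches any protocol; otherwise protocols must agree
        if r["src"] and not any(wildcard_match(src, b, w) for b, w in IP_POOLS[r["src"]]):
            continue  # source address is outside the referenced ip-pool
        if r["dport"] and dport not in PORT_POOLS[r["dport"]]:
            continue  # destination port is outside the referenced port-pool
        return r["id"], r["action"]
    return None

if __name__ == "__main__":  # constructed sample packets: (protocol, source, dest port)
    for pkt in [("tcp", "192.168.0.10", 22), ("tcp", "10.0.0.5", 22), ("udp", "10.0.0.5", 53)]:
        print(pkt, "->", evaluate(parse_rules(ACL_TEXT), *pkt))
```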
Verification:
display acl <ACL_NAME>
display traffic policy <ACL_NAME> statistics interface <interface-id> outbound
display acl <ACL_NAME> statistics
Sample Output:
<HUAWEI>display acl 88
Advanced ACL 88, 3 rules
ACL88
ACL’s step is 10
rule 5 permit tcp source-pool allowed_ip destination-port-pool whitelist_port (0 times matched)
rule 20 deny tcp destination-port-pool allowed_port (0 times matched)
rule 30 permit ip (0 times matched)
<HUAWEI>display traffic policy ACL88 statistics interface GigabitEthernet1/1/1 outbound
Info: The statistics is shared because the policy is shared.
Interface: GigabitEthernet1/1/1
Traffic policy outbound: ACL88
Traffic policy applied at 2024-12-18 03:24:46
Statistics enabled at 2024-12-18 02:15:17
Statistics last cleared: Never
Rule number: 60 IPv4, 0 IPv6
Current status: OK!
Item                        Packets                Bytes
-------------------------------------------------------------------
Matched               3,991,074,736      874,413,072,160
  +--Passed           3,990,938,560      874,403,391,002
  +--Dropped                136,176            9,681,158
Missed                            0                    0
Here’s an equivalent ACL configuration on a Cisco router: ACL Configuration on Cisco ASR9000 (IOS-XR) using object-group