Huawei Access-Lists (ACL)


Huawei Access-Lists

In this Huawei HCIA configuration example, we will learn Huawei Access List (ACL) configuration on Huawei routers. Configuring Access Lists involves a few basic steps, and we will cover all of them in this article.

First of all, let's recall the Access List types. There are three types of Huawei Access Lists (ACLs):

  • Basic ACL
  • Advanced ACL
  • Layer 2 ACL

You can check each ACL type and its number range below, along with the parameters each ACL type supports.


huawei-acl-types
In this lesson, we will show Basic Access Lists (Basic ACLs) and Advanced Access Lists (Advanced ACLs) with specific examples. Let's first start with Basic Access List configuration.

You can also check the Huawei Configuration Course for hands-on experience on Huawei routers and switches.

Basic Access List Configuration on Huawei Routers

In the first example, we will focus on Basic Access List configuration. With this Basic ACL, we will prevent the users on the subnets 10.1.1.0/24 and 10.2.2.0/24 from accessing the router, and we will allow the users in the subnet 172.16.0.0/16 to access it.


huawei-basic-acl-example

<Huawei-Router> system-view
[Huawei-Router] acl 2222
[Huawei-Router-acl-basic-2222] rule deny source 10.1.1.0 0.0.0.255
[Huawei-Router-acl-basic-2222] rule deny source 10.2.2.0 0.0.0.255
[Huawei-Router-acl-basic-2222] rule permit source 172.16.0.0 0.0.255.255
[Huawei-Router-acl-basic-2222] quit

Lastly, we apply this ACL to the related interface in the outbound direction, because we want to filter the traffic leaving the router through this interface.


[Huawei-Router] interface GigabitEthernet1/1/1
[Huawei-Router-GigabitEthernet1/1/1] traffic-filter outbound acl 2222
[Huawei-Router-GigabitEthernet1/1/1] quit

To check the ACL, we can use the "display acl 2222" command. As you can see below, the three rules appear in this Access List (ACL).


huawei-basic-acl

Advanced Access List Configuration

In this second example, we will focus on Advanced Access List configuration. With an Advanced Access List, we can block traffic from a specific network to another specific network, or allow a specific host to reach a specific server on a specific port. Rules like these can be repeated for as many networks, hosts and ports as needed.

For our example, we will configure an Advanced Access List on the right router and apply it in the inbound direction of GigabitEthernet1/1/1.

We will allow R&D to FTP to the Server, but we will prevent Sales from accessing the Server. We will also allow Sales to communicate with Marketing, and we will prevent R&D from accessing Marketing.


huawei-advanced-acl-example
Here, I will give a very important note. Basic Access Lists are added to the interface close to the "source", but Advanced Access Lists are added to the interface closest to the "destination".

First, let's create the Advanced ACL and write the rules under it. Advanced ACLs use numbers between 3000 and 3999; in our example we will use 3500.

<Huawei-Router> system-view
[Huawei-Router] acl 3500
[Huawei-Router-acl-adv-3500] rule deny source 10.10.5.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
[Huawei-Router-acl-adv-3500] rule deny tcp source 10.10.6.0 0.0.0.255 destination 172.16.2.1 0.0.0.0 destination-port eq 21
[Huawei-Router-acl-adv-3500] rule permit tcp source 10.10.5.0 0.0.0.255 destination 172.16.2.1 0.0.0.0 destination-port eq 21
[Huawei-Router-acl-adv-3500] rule permit source 10.10.6.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
[Huawei-Router-acl-adv-3500] quit

Now, let's bind this Advanced ACL to the GigabitEthernet1/1/1 interface of the right router, in the inbound direction.

[Huawei-Router] interface GigabitEthernet1/1/1
[Huawei-Router-GigabitEthernet1/1/1] traffic-filter inbound acl 3500
[Huawei-Router-GigabitEthernet1/1/1] quit

Lastly, we check the configured Advanced Access List with the "display acl 3500" command.

huawei-diplay-acl
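To see how these rules actually match packets, here is an added Python walk-through that is not part of the original lesson: it implements Huawei wildcard-mask matching and first-match rule evaluation, then runs ACL 2222 and ACL 3500 from above against constructed source and destination addresses. The mapping of R&D, Sales, Marketing and the Server to 10.10.5.0/24, 10.10.6.0/24, 172.16.1.0/24 and 172.16.2.1 is inferred from the rules, and permit-by-default for packets that match no rule is the traffic-filter behaviour assumed here.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str                    # "permit" or "deny"
    proto: "str | None"            # "tcp", "udp", "icmp", or None for any protocol
    src: str                       # "<network> <wildcard>" exactly as typed in VRP
    dst: "str | None" = None       # None for a basic ACL rule (source-only)
    dport: "int | None" = None     # destination-port eq <n>; None matches any port

def wildcard_match(addr: str, spec: str) -> bool:
    """Huawei wildcard mask: 0 bits must match the network, 1 bits are ignored."""
    net, wild = spec.split()
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wild))
    return (a & ~w) == (n & ~w)

def evaluate(rules, src, dst=None, proto="ip", dport=None, default="permit"):
    """First match wins in configuration order; returns (action, rule index).
    Index None means no rule matched and traffic-filter's default permit applied."""
    for i, r in enumerate(rules):
        if r.proto and r.proto != proto:
            continue
        if not wildcard_match(src, r.src):
            continue
        if r.dst and not wildcard_match(dst, r.dst):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action, i
    return default, None

# ACL 2222 (basic, source-only) and ACL 3500 (advanced), as configured in this lesson
ACL_2222 = [Rule("deny", None, "10.1.1.0 0.0.0.255"),
            Rule("deny", None, "10.2.2.0 0.0.0.255"),
            Rule("permit", None, "172.16.0.0 0.0.255.255")]
ACL_3500 = [Rule("deny", None, "10.10.5.0 0.0.0.255", "172.16.1.0 0.0.0.255"),
            Rule("deny", "tcp", "10.10.6.0 0.0.0.255", "172.16.2.1 0.0.0.0", 21),
            Rule("permit", "tcp", "10.10.5.0 0.0.0.255", "172.16.2.1 0.0.0.0", 21),
            Rule("permit", None, "10.10.6.0 0.0.0.255", "172.16.1.0 0.0.0.255")]

def walk_through():
    """Assumed: R&D 10.10.5.0/24, Sales 10.10.6.0/24, Marketing 172.16.1.0/24, Server 172.16.2.1; hosts constructed."""
    return {
        "rd_ftp_to_server": evaluate(ACL_3500, "10.10.5.7", "172.16.2.1", "tcp", 21),
        "sales_ftp_to_server": evaluate(ACL_3500, "10.10.6.9", "172.16.2.1", "tcp", 21),
        "rd_to_marketing": evaluate(ACL_3500, "10.10.5.7", "172.16.1.20"),
        "sales_http_to_server": evaluate(ACL_3500, "10.10.6.9", "172.16.2.1", "tcp", 80),  # no rule matches
        "basic_denied_host": evaluate(ACL_2222, "10.2.2.40"),
    }
```

The sales_http_to_server case falls through to the default permit: ACL 3500 denies Sales only on TCP port 21, so other traffic from Sales to the Server is still allowed unless a further deny rule is added.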

Lesson tags: ACL, HCNA, Huawei