Huawei Access-Lists (ACL)


Huawei Access-Lists

In this Huawei HCIA configuration example, we will learn Huawei Access List (ACL) Configuration on Huawei Routers. Configuring Access Lists has some basic steps and we will cover all these steps in this article.


First of all, let’s remember the Access List types. There are three types of Huawei Access Lists (ACLs):

  • Basic ACL
  • Advanced ACL
  • Layer 2 ACL


You can check each ACL type and their number ranges below. You can also find the parameters of each ACL type.

In this lesson, we will show Basic Access Lists (Basic ACLs) and Advanced Access Lists (Advanced ACLs) with specific examples. Let’s start with Basic Access List Configuration.




Basic Access List Configuration on Huawei Routers

In the first example, we will focus on Basic Access List Configuration. With this Basic Access List Configuration, we will prevent the users on the subnet and to access the router. And we will allow the users, in the subnet to access the router.


[Huawei-Router] acl 2222
[Huawei-Router-acl-basic-2222] rule deny source
[Huawei-Router-acl-basic-2222] rule deny source
[Huawei-Router-acl-basic-2222] rule permit source
[Huawei-Router-acl-basic-2222] quit


And lastly, we will apply this ACL to the related interface in the outbound direction, because we are trying to prevent or allow the traffic going out to this router.


[Huawei-Router] interface GigabitEthernet1/1/1
[Huawei-Router-GigabitEthernet1/1/1] traffic-filter outbound acl 2222
[Huawei-Router-GigabitEthernet1/1/1] quit


To check the ACL, we can use “display acl 2222” command. As you can see below, you can find the three rules in this Access List (ACL).



Advanced Access List Configuration

In this second example, we will focus on Advanced Access List Configuration. With this Advanced Access List Configuration, we can prevent the traffic from a specific network to a specific network. We can also allow a specific host to access a specific server on a specific port. Rules like these can be repeated as needed.


For our example, we will configure an Advanced Access List in the right router. And we will apply this to the inbound direction of GigabitEthernet1/1/1.


We will allow R&D to FTP to the Server, but we will prevent Sales from accessing the Server. We will also allow Sales to communicate with Marketing, and we will prevent R&D from accessing Marketing.

Here, I will give a very important note. Basic Access Lists are added to the interface close to the “source”. But Advanced Access Lists are added to the interface closest to the “destination”.


Firstly, let’s create the Advanced ACL and write the rules under this ACL. We can use the numbers between 3000 and 3999. Here, in our ACL we will use 3500.


[Huawei-Router] acl 3500
[Huawei-Router-acl-adv-3500] rule deny ip source destination
[Huawei-Router-acl-adv-3500] rule deny tcp source destination destination-port eq 21
[Huawei-Router-acl-adv-3500] rule permit tcp source destination destination-port eq 21
[Huawei-Router-acl-adv-3500] rule permit ip source destination
[Huawei-Router-acl-adv-3500] quit


Now, let’s bind this Advanced ACL to the GigabitEthernet1/1/1 interface of the right router. We will apply this ACL in the inbound direction.


[Huawei-Router] interface GigabitEthernet1/1/1
[Huawei-Router-GigabitEthernet1/1/1] traffic-filter inbound acl 3500
[Huawei-Router-GigabitEthernet1/1/1] quit


Lastly, we will check the configured Advanced Access List with the “display acl 3500” command.
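
Added example (not part of the original lesson): a small Python model of first-match ACL evaluation with wildcard masks, used to check the four rules of ACL 3500 against the R&D / Sales / Marketing / Server policy stated above before they are applied. The 10.1.x.x addressing, the rule IDs 5 to 20, the ascending rule-ID match order, and the mapping of the two protocol-less rules to R&D→Marketing and Sales→Marketing are assumptions, because the lesson's addresses are not shown on the page.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

class Rule(NamedTuple):
    rule_id: int
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: Tuple[str, str]          # (address, wildcard mask)
    dst: Tuple[str, str]
    dport: Optional[int] = None   # None = any destination port

def wc_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard semantics: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(rules, proto, src, dst, dport=None):
    """First match in ascending rule-ID order; (None, None) if no rule matches."""
    for r in sorted(rules, key=lambda r: r.rule_id):
        if r.proto not in ("ip", proto):
            continue
        if not (wc_match(src, *r.src) and wc_match(dst, *r.dst)):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action, r.rule_id
    return None, None

# Constructed addressing (assumption, not from the lesson).
RND, SALES, MKT = [(f"10.1.{n}.0", "0.0.0.255") for n in (1, 2, 3)]
SERVER = ("10.1.4.10", "0.0.0.0")   # wildcard 0.0.0.0 = exactly this host

# Same four rules in the same order as ACL 3500 above; rule IDs are assumed.
ACL_3500 = [
    Rule(5,  "deny",   "ip",  RND,   MKT),
    Rule(10, "deny",   "tcp", SALES, SERVER, 21),
    Rule(15, "permit", "tcp", RND,   SERVER, 21),
    Rule(20, "permit", "ip",  SALES, MKT),
]

if __name__ == "__main__":
    flows = [  # constructed test flows: (protocol, source, destination, dport)
        ("tcp", "10.1.1.7", "10.1.4.10", 21),   # R&D FTP to Server
        ("tcp", "10.1.2.7", "10.1.4.10", 21),   # Sales FTP to Server
        ("udp", "10.1.2.7", "10.1.3.9", 53),    # Sales to Marketing
        ("tcp", "10.1.1.7", "10.1.3.9", 80),    # R&D to Marketing
        ("tcp", "10.1.2.7", "10.1.4.10", 80),   # Sales to Server, not FTP
    ]
    for f in flows:
        print(f, "->", evaluate(ACL_3500, *f))
```

A result of (None, None), as for Sales to the Server on TCP port 80, means no rule matched, so that flow is decided by the device's handling of unmatched packets rather than by ACL 3500.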

