Introduction to Common VRP vs. IOS Commands
Huawei3Com
Topics
• Basic Commands
• Routing
• Switching
• Network Management
• Security Management
A Good Network Nearby
Configuring the System Name
• Purpose
  The system name is the name of the equipment; it lets users work with the equipment more conveniently.
• Configuration Commands
  VRP
    sysname systemname
  IOS
    hostname systemname

Structure of the Command Line
• Purpose
  Introduce the commands for entering the system mode and the configuration mode.
• Configuration Commands
  VRP
    system-view         Enter the system mode and the configuration mode
  IOS
    enable              Enter the system mode
    config terminal     Enter the configuration mode

Interface Description
• Purpose
  An interface description specifies some attributes of the interface (for example, what the interface is, and what equipment is connected at the peer end) so that users understand the interface better.
• Configuration Commands
  VRP has the same interface configuration commands as IOS. The VRP commands are presented below as an example.
    interface serial 0
    description frame-relay link to huawei

Configuring the Interface IP Address
• Purpose
  Define a network-wide unique identifier for the interface.
• Configuration Commands
  VRP has the same IP address configuration commands as IOS. The VRP commands are presented below as an example.
    interface ethernet 0
    ip address 168.10.2.1 255.255.255.0

Link Encapsulation under Serial Port
• Purpose
  Select a different encapsulation mode for a different network architecture.
• Configuration Commands
  The common link encapsulation modes of VRP are FRAME-RELAY, HDLC, and PPP.
  VRP
    interface serial 0
    link-protocol frame-relay/hdlc/ppp
  IOS
    interface serial 0
    encapsulation frame-relay/hdlc/ppp

Viewing the Router Information
• Purpose
  Help users understand the equipment information better and facilitate the equipment configuration.
• Configuration Commands
  VRP
    Display the version: display version
    Display the configuration information of the current view: display this
    Display the current configuration information: display current
    Display the NVRAM configuration: display saved-config
    Display information of an interface: display interface XX
    Display the routing information: display ip routing
    Display the module configuration in any status: display current config xx (mode)

Viewing the Router Information
  IOS
    Show the version information: show version
    Show the current configuration: show running-config
    Show the NVRAM information: show startup-config
    Show information of an interface: show interface xx
    Show the routing information: show ip route

Debugging the Router
• Purpose
  View all data packets of the router more carefully, which is helpful in uncovering network problems.
• Common Debugging Commands
  VRP
    debugging ip packet
    debugging ospf [process-id] packet
    debugging fr lmi
    undo debugging all

Debugging the Router
  IOS
    debug ip packet
    debug ip ospf [process-id] packet
    debug frame-relay lmi
    undebug all

Shortcut Command Lines
• VRP
    Ctrl+O    undo debugging all
    Ctrl+L    display ip routing-table
    Ctrl+G    display current-configuration
    Ctrl+A    Move to the beginning of command line
    Ctrl+E    Move to the end of command line
    Ctrl+F    Move forward by a character
    Ctrl+B    Move backward by a character
    Ctrl+P (upward arrow)      Re-use the previous command
    Ctrl+N (downward arrow)    Re-use the next command

Shortcut Command Lines
• IOS
    Ctrl+Shift+6+X    Stop the current operation
    Ctrl+Z            Return to the privileged mode
    Ctrl+A            Move to the beginning of command line
    Ctrl+E            Move to the end of command line
    Ctrl+F            Move backward by a character
    Ctrl+B            Move forward by a word
    Ctrl+P            Re-use the previous command
    Ctrl+N            Re-use the next command

Using the Loopback Interface
• Purpose
  The loopback interface is virtual. VRP can use it to simulate an actual interface because, unlike a physical interface, a virtual interface is not closed due to various factors.
• Configuration Commands
  A loopback interface has the same configuration commands as other interfaces. Since it is not connected to any other physical interface, it uses a 32-bit mask to save addresses.
    interface loopback 0
    ip address 1.1.1.1 255.255.255.255

Unnumbered Interface Address
• Purpose
  ip unnumbered can be used to save the space of network addresses or subnet addresses, but the port status (up or not) cannot be known with the ping command.
• Configuration Commands
  VRP has the same configuration commands as IOS. The VRP configuration is described below.
    interface serial 1/0
    ip unnumbered ethernet 0/1

DNS
• Purpose
  Domain Name Server (DNS) makes destination names correspond to IP addresses, so that users only need to know the destination name.
• Configuration Commands
  VRP
    Configure the domain name correspondence: ip host host-name ip-address
    Cancel the domain name correspondence: undo ip host host-name ip-address
  IOS
    Configure: the same as VRP
    Cancel: no ip host host-name ip-address

DNS
• IOS
    no ip domain-lookup
  This avoids the case where a router regards a wrongly entered command as a host name, and thus sends a request to the domain server for the corresponding IP address, or sends a broadcast (255.255.255.255) if there is no domain server.

CDP
• Purpose
  Cisco Discovery Protocol (CDP) is a private protocol of Cisco. Cisco equipment uses CDP when collecting the information of other adjacent Cisco equipment. This command is used in the interface mode.
• Configuration Commands
  Since CDP is a private protocol of Cisco, VRP does not have the relevant commands.
  IOS
    interface serial 0
    cdp enable

Boot Configuration
• Purpose
  Change the place where the router’s system software is obtained.
• Configuration Commands
  IOS
    boot system flash
    boot system tftp://1.2.3.4/c2600-121-5.T4
    boot system rom

Cisco Register Configuration
• Purpose
  Register configuration is used to change the router start process.
• Configuration Commands
  The functions of the major register values are introduced first.
    0x2102    Industry default value
    0x2142    Start from flash without using the configuration file in NVRAM (used for password recovery)
  Configuration
    config-register 0x2102
    config-register 0x2142

RIP
• Routing Information Protocol (RIP) is a relatively simple Interior Gateway Protocol (IGP). It is predominantly used in small-scale networks.
VRP RIP (1)
• Start RIP and enter the RIP view
    rip
• Stop RIP
    undo rip
• Apply RIP to a specified network interface
    network network-address
• Cancel the RIP applied on a specified network interface
    undo network network-address

VRP RIP (2)
• Specify RIP-1 for an interface
    rip version 1
• Specify RIP-2 for an interface
    rip version 2 [ broadcast | multicast ]
• Restore the RIP version on an interface to the default value
    undo rip version { 1 | 2 }

IOS RIP (1)
• Start RIP and enter the RIP view
    router rip
• Stop RIP
    no router rip
• Apply RIP to a specified network interface
    network network-address
• Cancel the RIP applied on a specified network interface
    no network network-address

IOS RIP (2)
• IOS RIP version information may be configured in the RIP process. Configure RIP to receive and send only the information of version 1 or version 2:
    Router(config-router)# version {1 | 2}
• RIP version information may be controlled more precisely under an interface:
    Router(config-if)# ip rip receive version 2
    Router(config-if)# ip rip send version 1

Basic RIP Configuration Example
[Figure: Router1, Router2, Router3 and Router4; interface addresses 1.1.1.1/24, 1.1.1.2/24, 2.1.1.1/24, 2.1.1.2/24, 3.1.1.1/24, 3.1.1.2/24]
VRP configuration commands: (router1)
    rip
    net 1.0.0.0
    net 2.0.0.0
Other routers may be configured similarly.
IOS configuration commands: (router1)
    router rip
    net 1.0.0.0
    net 2.0.0.0
Other routers may be configured similarly.

OSPF
• Open Shortest Path First (OSPF) is an IETF-developed interior gateway protocol based on link state. Version 2 (RFC2328) is used now.
VRP OSPF (1)
• Start OSPF and enter the OSPF view
    ospf [ process-id [ [ router-id router-id ] vpn-instance vpn-instance-name ] ]
• Close an OSPF process
    undo ospf [ process-id ]

VRP OSPF (2)
• Enter the OSPF area view
    area area-id
• Delete the specified OSPF area
    undo area area-id
• Cause OSPF to run at the specified network segment
    network ip-address wildcard-mask
• Cancel OSPF running at a network segment
    undo network ip-address wildcard-mask

IOS OSPF (1)
• Start an OSPF process
    Router(config)# router ospf process-id
• Delete the specified OSPF area
    no router ospf process-id

IOS OSPF (2)
• Enable OSPF at the specified network segment, and put the interfaces of this network segment in the specified area
    Router(config-router)# network ip-address wildcard-mask area area-id
• Cancel OSPF of a network segment
    Router(config-router)# no network ip-address wildcard-mask area area-id

Basic OSPF Configuration Example
[Figure: Router1, Router2, Router3 and Router4 in Area 0 and Area 1; interface addresses 1.1.1.1/24, 1.1.1.2/24, 2.1.1.1/24, 2.1.1.2/24, 3.1.1.1/24, 3.1.1.2/24]
VRP configuration commands: (router1)
    ospf 1
    area 0
    network 1.1.1.2 0.0.0.0
    area 1
    network 2.1.1.1 0.0.0.0
Other routers may be configured similarly.
IOS configuration commands: (router1)
    router ospf 1
    network 1.1.1.2 0.0.0.0 area 0
    network 2.1.1.1 0.0.0.0 area 1
Other routers may be configured similarly.

ISIS
• Intermediate System-to-Intermediate System (IS-IS) is a protocol for intra-domain routing information exchange. Initially, IS-IS was a dynamic routing protocol that ISO defined for its CLNP design. To support IP-based routing, IETF has expanded and modified IS-IS so that it can be applied in both TCP/IP and OSI environments. Such an IS-IS is known as integrated IS-IS.

VRP ISIS (1)
• Enable the IS-IS routing process and enter the IS-IS view
    isis [ tag ]
• Delete the IS-IS routing process
    undo isis [ tag ]
• Set the network entity title
    network-entity net
• Delete the network entity title
    undo network-entity net

VRP ISIS (2)
• Enable IS-IS on a specified interface
    isis enable [ tag ]
• Disable a running IS-IS process on an interface
    undo isis enable [ tag ]

IOS ISIS (1)
• Enable the IS-IS routing process
    Router(config)# router isis [area tag]
• Delete the IS-IS routing process
    no router isis [ area tag ]
• Set a network entity title
    net network-entity-title
• Delete a network entity title
    no net network-entity-title

IOS ISIS (2)
• Enable IS-IS on a specified interface
    Router(config-if)# ip router isis [area tag]
• Disable a running IS-IS process on an interface
    no ip router isis [ area tag ]

Basic ISIS Configuration 1
[Figure: Router1, Router2 and Router3 in Area 49.0001; interface addresses 1.1.1.1/24, 1.1.1.2/24, 3.1.1.1/24, 3.1.1.2/24]
RT1: 49.0001.0000.0000.0001.00
RT2: 49.0001.0000.0000.0002.00
RT3: 49.0001.0000.0000.0003.00

Basic ISIS Configuration 2
VRP configuration commands: (router1)
    isis
    network-entity 49.0001.0000.0000.0001.00
    int serial X
    isis enable
Other routers may be configured similarly.
IOS configuration commands: (router1)
    router isis
    net 49.0001.0000.0000.0001.00
    int serial X
    ip router isis
Other routers may be configured similarly.

BGP
• Border Gateway Protocol (BGP) is a protocol for dynamic route discovery between Autonomous Systems (ASs). BGP-4 is currently used (see RFC1771). BGP-4 is applicable to the distributed structure and supports Classless Inter-Domain Routing (CIDR). BGP is frequently used between ISPs.
VRP BGP (1)
• Start the BGP and enter the BGP view
    bgp as-number
• Configure the transmission network of the local BGP (optional)
    network ip-address [ address-mask ] [ route-policy route-policy-name ]

VRP BGP (2)
• Create a peer group
    group group-name [ internal | external ]
• Specify an AS number for a peer group
    peer group-name as-number as-number
• Create a peer in a peer group
    peer peer-address group group-name [ as-number as-number ]

IOS BGP (1)
• Start the BGP and enter the BGP view
    Router(config)# router bgp as-number
• Configure the transmission network of the local BGP (optional)
    Router(config-router)# network network-number [mask network-mask] [route-map route-map-name]

IOS BGP (2)
• Specify the address of a peer or peer group
    Router(config-router)# neighbor {ip-address | peer-group-name} remote-as as-number
• Note: IOS does not require a peer group to be configured. A peer group may be directly configured when there are a few neighbors.

Basic BGP Configuration Example
[Figure: Router1, Router2 and Router3 in AS100, AS200 and AS300; interface addresses 1.1.1.1/24, 1.1.1.2/24, 3.1.1.1/24, 3.1.1.2/24]
VRP configuration commands: (router1)
    bgp 100
    group 1 external
    peer 1.1.1.1 group 1 as-number 200
Other routers may be configured similarly.
IOS configuration commands: (router1)
    router bgp 100
    neighbor 1.1.1.1 remote-as 200
Other routers may be configured similarly.

Integrated RIP and BGP Configuration Example 1
[Figure: Router1, Router2, Router3 and Router4; AS100, AS200 and AS300; interface addresses 1.1.1.1/24, 1.1.1.2/24, 3.1.1.1/24, 3.1.1.2/24, 4.1.1.1/24, 4.1.1.2/24; Loopback0: 10.1.1.1/8]

IOS BGP (2)
VRP configuration commands: (router4)
    rip
    network 100.0.0.0
    network 4.0.0.0
    bgp 100
    group 1 internal
    peer 4.1.1.2 group 1
    network 10.0.0.0 255.0.0.0
Other routers may be configured similarly.
IOS configuration commands: (router4)
    router rip
    network 100.0.0.0
    network 4.0.0.0
    router bgp 100
    neighbor 4.1.1.2 remote-as 100
    network 10.0.0.0 mask 255.0.0.0
Other routers may be configured similarly.

Routing Policy
• Introduction
  When advertising and receiving routing information, a router may apply policies to filter the routing information, for example, to receive or advertise only the routing information that meets the given conditions.

Routing Policy
• Network Requirement
  When the OSPF on a router redistributes the routing information of RIP, it filters routes by quoting a routing policy. The routing policy comprises two nodes, for example, 192.1.0.0/24 and 128.2.0.0/16, whose routing information is advertised by OSPF under different routing costs.
• Topology
  [Figure: regional network and campus network; 192.1.0.0/24, 128.2.0.0/16, 128.1.0.0/16, 128.1.0.1/16]

Example of Routing Policy
• VRP Configuration
• Define an address prefix list
    [Router]ip ip-prefix p1 permit 192.1.1.0/24
    [Router]ip ip-prefix p2 permit 128.2.0.0/16
• Configure a routing policy
    [Router]route-policy r1 permit 10
    [Router-route-policy]if-match ip address ip-prefix p1
    [Router-route-policy]apply cost 20
    [Router-route-policy]route-policy r1 permit 20
    [Router-route-policy]if-match ip address ip-prefix p2
    [Router-route-policy]apply cost 30

Example of Routing Policy
• VRP Configuration
• Configure the OSPF
    [Router]ospf 1
    [Router-ospf-1]import-route rip route-policy r1

Example of Routing Policy
• IOS Configuration
    ip prefix-list p1 permit 192.1.1.0/24
    ip prefix-list p2 permit 128.2.0.0/16
    route-map r1 permit 10
    match ip address prefix-list p1
    set metric 20
    route-map r1 permit 20
    match ip address prefix-list p2
    set metric 30
    router ospf 1
    redistribute rip route-map r1

Virtual Local Area Network (VLAN)
• VLAN technology divides a LAN into multiple logical “LANs”, called VLANs. Each VLAN is a broadcast domain. Hosts in a VLAN can communicate with one another in the same way as in a LAN. A VLAN cannot directly communicate with another one, so broadcast packets are restricted to one VLAN.

VRP Command Line (1)
• Create a VLAN
    vlan 100 (1-4094)
• Delete a VLAN
    undo vlan 100 (1-4094)
• Add a port in VLAN
    port Ethernet 2/0/1
• Delete a port from a VLAN
    undo port Ethernet 2/0/1

VRP Command Line (2)
• Add a port to a VLAN
    port access vlan 100 (1-4094)
• Delete a port from a VLAN
    undo port access vlan 100 (1-4094)
• Display the information of a VLAN
    display vlan VLAN ID (1-4094)

IOS Command Line
• Create a VLAN
    vlan 100 (1-4094)
• Delete a VLAN
    no vlan 100 (1-4094)
• Add a port to a VLAN
    switchport access vlan 100
• Delete a port from a VLAN
    no switchport access vlan
• Show a VLAN
    show vlan

Trunk
• Trunk permits transmission of the VLAN information when there is only one link.

VRP Command Line (1)
• Define the Trunk attribute of a port
    port link-type trunk
• Delete the Trunk attribute of a port
    undo port link-type
• Define the VLAN that a port can transmit
    port trunk permit vlan VLAN ID
• Delete a port from VLAN
    undo port trunk permit vlan VLAN ID

IOS Command Line
• Define the Trunk attribute of an interface
    switchport trunk encapsulation isl
    switchport mode trunk
• Delete the Trunk attribute of an interface
    no switchport mode
• Define the VLANs allowed by the Trunk
    switchport trunk allowed vlan VLAN IDs
• Cancel the VLANs allowed by the Trunk
    no switchport trunk allowed vlan

Link Aggregation
• Link aggregation is a method of combining several physical links into a logical link. Link aggregation can be static or dynamic.
VRP Command Line (1)
• Set static port aggregation
    link-aggregation Ethernet 0/1 to Ethernet 0/4 both
• Delete static port aggregation
    undo link-aggregation all
• Perform dynamic aggregation under a port
    lacp enable
• Cancel dynamic aggregation under a port
    undo lacp enable

IOS Command Line
• Set static port aggregation
    channel-group 1 <1-64> mode on
• Delete static port aggregation
    no channel-group
• Perform dynamic aggregation under a port
    channel-protocol lacp
    channel-group 1 <1-64> mode active (passive)
• Cancel dynamic aggregation under a port
    no channel-protocol
    no channel-group

Spanning Tree Protocol (STP)
• STP can be applied in a loop network. With a certain algorithm, it blocks some redundant routes and trims the loop network into a loop-free tree network, thus avoiding proliferation and infinite circulation of packets in the loop network.

VRP Command Line (1)
• Define the STP mode
    stp mode stp
• Cancel the STP mode
    undo stp mode
• Define the MSTP mode
    stp mode mstp
• Cancel the MSTP mode
    undo stp mode

IOS Command Line
• Define the STP mode
    spanning-tree mode rapid-pvst
• Cancel the STP mode
    no spanning-tree mode
• Define the MSTP mode
    spanning-tree mode mst
• Cancel the MSTP mode
    no spanning-tree mode

Introduction to SNMP
• Introduction
  Simple Network Management Protocol (SNMP), a broadly applied industrial standard, is the computer network management protocol that is used the most extensively at present.
• Structure
  SNMP is structurally divided into Network Management Station (NMS) and AGENT. NMS is the client workstation and AGENT is the server software that runs on the network equipment.
• SNMP Version
  SNMP has three versions now: SNMP v3/v2c/v1. SNMP v3 is compatible with v1 and v2c.

SNMP Configuration
• SNMP configurations include:
    Start and close the SNMP AGENT service
    Set the community name
    Configure an SNMP group
    Set the information about how to contact the administrator
    Allow/prohibit transmission of the Trap packet
    Set the address of the destination host of the Trap
    Specify the source address of the packet

SNMP Instance Configuration
[Figure: labels “Snmp agent” and “Router”; addresses 129.102.149.23 and 129.102.149.1]

VRP Configuration
• system-view
    Enter the system view
• snmp-agent community read public
    Set the read-only community name to “public”
• snmp-agent community write private
    Set the write community name to “private”
• snmp-agent sys-info contact Mr.wang-tel 3306
    Set the information about how to contact the administrator
• snmp-agent sys-info location telephone 3rd floor
    Physical location of the router
• snmp-agent trap enable
    Enable the trap packet
• snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public
    Allow sending trap packets to the NM workstation 129.102.149.23 with the community name “public”

IOS Configuration
• configure terminal
• snmp-server community public ro
• snmp-server community private rw
• snmp-server contact Mr.wang-tel 3306
• snmp-server location telephone 3rd floor
• snmp-server enable traps
• snmp-server host 129.102.149.23 traps public udp-port 5000

Security Policy
• A policy is the set of factors to be considered in decision-making. The policy for network security is based on:
    Controllability vs. adaptability
    Stability vs. latent threat
    Initial input vs. subsequent input
• In making a decision, find a balance point between the above pairs.

Authentication and Authorization
• Key points
• Determine the level of authority
• Determine the authorization policy
    Generic or per user
    AAA via TACACS+ or RADIUS
    Local authentication

Authentication Configuration
• Local AAA Authentication
• VRP Configuration
    aaa enable
        Enable AAA authentication
    aaa authentication-scheme login local
        Enable local AAA authentication
    local-user huawei password simple linbin
        Set the local username and password
    user-interface vty 0 4
        Enter the vty view
    authentication-mode local
        The user that accesses the equipment via telnet uses local authentication

Authentication Configuration
• Local AAA Authentication
• IOS Configuration
    aaa new-model
    aaa authentication login local
    username huawei password linbin
    line vty 0 4
    login authentication local

Restricted Authorization
Authorize different users on the equipment
• Configuration level
• View level
• Support level
Use privilege level (level 1 ~ level 3)

Authorization Configuration
• VRP Configuration
    local-user huawei password simple linbin
        Create a user
    local-user huawei level 3
        Set the authorization level
• Application Command
    command-privilege level 3 view serial display interface

Authorization Configuration
• IOS Configuration
    username huawei privilege 5 password huawei
    privilege configure level 5 interface
        Define a configuration object
    privilege interface level 5 shutdown
        Define a configuration command
    privilege exec level 5 show ip route
        Define an executable command

Security of Command Line
• Command Line Protection of VRP
super password level {1/2/3} {simple/cipher} linbin
• Command Line Protection of IOS
enable password linbin
enable secret linbin
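
An added example (not part of the original slides): a small Python audit over configuration commands of the kind shown in this deck. It flags the forms that leave a password readable in the configuration (VRP `password simple`, IOS `enable password` and `username ... password`), the well-known SNMP community names "public" and "private", and a configuration register with bit 6 set, such as 0x2142. The function name, finding ids, severity labels and both sample configurations are constructed for illustration.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}

# (finding id, severity, pattern). Named groups: u = user, p = password,
# c = community, mode = access mode, reg = register value.
# Finding ids and severities are labels chosen for this example.
RULES = [
    ("vrp-simple-password", "high",
     re.compile(r"^local-user (?P<u>\S+) password simple (?P<p>\S+)", re.I)),
    ("vrp-simple-super", "high",
     re.compile(r"^super password (?:level \d+ )?simple (?P<p>\S+)", re.I)),
    ("ios-user-password", "high",
     re.compile(r"^username (?P<u>\S+) (?:privilege \d+ )?password (?P<p>\S+)", re.I)),
    ("ios-enable-password", "high",
     re.compile(r"^enable password (?P<p>\S+)", re.I)),
    ("snmp-default-community", None,
     re.compile(r"^snmp-agent community (?P<mode>read|write) (?P<c>\S+)", re.I)),
    ("snmp-default-community", None,
     re.compile(r"^snmp-server community (?P<c>\S+) (?P<mode>ro|rw)", re.I)),
    ("ignore-startup-config", "medium",
     re.compile(r"^config-register (?P<reg>0x[0-9a-f]+)", re.I)),
]


def audit(config_text):
    """Return (line_number, finding_id, severity) tuples in line order.

    Passwords and community strings are never echoed into the findings.
    """
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for fid, severity, pattern in RULES:
            m = pattern.match(line)
            if not m:
                continue
            g = m.groupdict()
            if fid == "snmp-default-community":
                if g["c"].lower() not in DEFAULT_COMMUNITIES:
                    continue
                # A guessable write community allows configuration changes.
                severity = "high" if g["mode"].lower() in ("write", "rw") else "medium"
            elif fid == "ignore-startup-config":
                # Bit 6 (0x0040) makes the router skip the NVRAM configuration,
                # which is what distinguishes 0x2142 from 0x2102.
                if not (int(g["reg"], 16) & 0x0040):
                    continue
            findings.append((lineno, fid, severity))
            if g.get("u") and g.get("u") == g.get("p"):
                findings.append((lineno, "password-equals-username", "high"))
    return findings


# Constructed samples assembled from the commands on the slides.
VRP_SAMPLE = "\n".join([
    "sysname RouterA",
    "snmp-agent community read public",
    "snmp-agent community write private",
    "local-user huawei password simple linbin",
    "super password level 3 simple linbin",
])
IOS_SAMPLE = "\n".join([
    "hostname RouterB",
    "snmp-server community public ro",
    "snmp-server community private rw",
    "username huawei privilege 5 password huawei",
    "enable password linbin",
    "config-register 0x2142",
])

if __name__ == "__main__":
    for name, sample in (("VRP", VRP_SAMPLE), ("IOS", IOS_SAMPLE)):
        for lineno, fid, severity in audit(sample):
            print(f"{name} line {lineno}: {fid} ({severity})")
```

Replacing the flagged forms with `cipher` on VRP and `enable secret` on IOS, choosing non-default community names, and restoring 0x2102 after password recovery clears every finding.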
Time Protection of Vty and Console
• Purpose
  Ensure that equipment logged on to via vty or console is not used by any unauthorized person after the user leaves.
• VRP Configuration
    idle-timeout minutes seconds
• IOS Configuration
    exec-timeout minutes seconds

ACL
• Overview
  To filter data packets, a router shall be configured with rules to decide which data packets will be let through. These rules are defined in an Access Control List (ACL).
• Classification
    Basic ACL
    Advanced ACL
    Interface-based ACL
    MAC-based ACL

Configuring the Standard ACL
• VRP configuration
• Create a basic ACL in the system view
    acl {number number/name name basic} [match-order {config/auto}]
• Create the ACL rules in the basic ACL view
    rule [rule-id] {permit/deny} [source sour-add sour-wildcard/any] [time-range time-name] [logging] [fragment] [vpn-instance vpn-instance-name]

Configuring the Standard ACL
• VRP instance
    acl number 2000 match-order config
    rule 1 permit source 20.1.1.0 0.0.0.255
• IOS instance
    access-list 2 permit 20.1.1.0 0.0.0.255
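
An added example (not from the original slides): a Python evaluator for the two rule forms above, showing how the wildcard mask is applied, that the first matching entry decides, and how to detect an entry that can never match because an earlier one already covers it. It assumes rules are listed in the order the device evaluates them (IOS top-down, VRP `match-order config`) and handles only `any` and `address wildcard` sources; the function names and the extra rule lists are constructed for illustration.

```python
import ipaddress


def u32(dotted):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_rule(line):
    """Return (action, base, care_mask) for a VRP basic-ACL rule or an IOS
    standard access-list entry. Trailing options such as logging are ignored."""
    tok = line.split()
    if tok[0] == "rule":              # rule [rule-id] {permit|deny} [source ...]
        i = 2 if tok[1].isdigit() else 1
    elif tok[0] == "access-list":     # access-list number {permit|deny} ...
        i = 2
    else:
        raise ValueError("not an ACL entry: " + line)
    action, rest = tok[i], tok[i + 1:]
    if action not in ("permit", "deny"):
        raise ValueError("bad action in: " + line)
    if rest[:1] == ["source"]:
        rest = rest[1:]
    if rest[:1] == ["any"]:
        return action, 0, 0           # no bit is compared, everything matches
    if len(rest) < 2:
        raise ValueError("expected 'address wildcard' in: " + line)
    # Wildcard bit 1 = ignore this bit, bit 0 = must equal the rule address.
    care = ~u32(rest[1]) & 0xFFFFFFFF
    return action, u32(rest[0]) & care, care


def evaluate(lines, src):
    """First matching entry wins: (action, position) or ('no-match', None).

    On IOS a packet that matches no entry is denied (implicit deny). The VRP
    outcome for no-match is left to the caller here, as an assumption that it
    depends on the feature that references the ACL.
    """
    addr = u32(src)
    for pos, line in enumerate(lines):
        action, base, care = parse_rule(line)
        if (addr & care) == base:
            return action, pos
    return "no-match", None


def shadowed(lines):
    """Return (later, earlier) index pairs where every address matched by the
    later entry is already matched by the earlier one."""
    rules = [parse_rule(line) for line in lines]
    pairs = []
    for j, (_, base_j, care_j) in enumerate(rules):
        for i in range(j):
            _, base_i, care_i = rules[i]
            # Earlier entry compares a subset of the bits and agrees on them.
            if (care_i & ~care_j) == 0 and (base_j & care_i) == base_i:
                pairs.append((j, i))
                break
    return pairs


# The two entries from the slide.
PAGE_VRP = ["rule 1 permit source 20.1.1.0 0.0.0.255"]
PAGE_IOS = ["access-list 2 permit 20.1.1.0 0.0.0.255"]
# Constructed: the host deny is placed after the subnet permit and never fires.
SHADOWED = ["rule 1 permit source 20.1.1.0 0.0.0.255",
            "rule 2 deny source 20.1.1.66 0.0.0.0"]
# Constructed: the same intent with the specific entry first.
ORDERED = ["rule 1 deny source 20.1.1.66 0.0.0.0",
           "rule 2 permit source 20.1.1.0 0.0.0.255",
           "rule 3 deny source any"]

if __name__ == "__main__":
    print(evaluate(SHADOWED, "20.1.1.66"), shadowed(SHADOWED))
    print(evaluate(ORDERED, "20.1.1.66"), shadowed(ORDERED))
```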
Thank you!
www.huawei-3com.com