3com 3.01.01 Benutzerhandbuch

The switch supports several types of ACLs, which are described in this section. 

Follow these steps to define an ACL

1 Enter the corresponding ACL view

2 Define ACL rules. Note that:

■

If the time-range keyword is not selected, the ACL will be effective at any time 
after being activated. 

■

You can define multiple rules for the ACL by using the rule command several 
times.

■

If the ACL is sent directly to hardware for packet filtering and traffic 
classification, the configuration matching order becomes ineffective. If the ACL 
is used in filtering or classifying the packets processed by software, the 
configuration matching order is available. You cannot modify the matching 
order once you define it for an ACL rule. 

■

By default, ACL rules are matched in configuration order. 

Basic ACLs make rules and process packets according to the source IP addresses. 

Perform the following configurations in the specified views.

Advanced ACLs define classification rules and process packets according to the 
source and destination IP addresses, TCP/UDP ports, packet priority. ACLs support 
three types of priority schemes: ToS (type of service) priority, IP priority and DSCP 
priority. 

Perform the following configurations in the specified view.

Table 6   Defining Basic ACLs

Enter basic ACL view (system view)

acl { number acl-number | name acl-name   basic } 
[ match-order { config | auto } ]

Define an ACL rule (basic ACL view)

rule [ rule-id ] { permit | deny } [ source { 
source-addr wildcard | any } | fragment | 
time-range name | vpn-instance instance-name 
]*

Delete an ACL rule (basic ACL view)

undo rule rule-id [ source | fragment | 
time-range | vpn-instance instance-name ]*

Delete an ACL or all ACLs (system view)

undo acl { number acl-number | name acl-name | 
all }

Table 7   Defining advanced ACL

Enter advanced ACL view (system view)

acl { number acl-number | name acl-name  
advanced } [ match-order { config | auto } ]