3com 4500 PWR 50-PORT User Manual
Chapter 8: Using QoS/ACL Commands
undo rule rule-id
View
Corresponding ACL View
Parameter
rule-id: Specifies the subitems of an ACL, ranging from 0 to 65534.
permit: Permits packets that meet the requirements.
deny: Denies packets that meet the requirements.
The following parameters are properties carried by packets. The ACL sets rules
according to these parameters.
Parameters specific to basic ACLs:
source { source-addr wildcard | any }: source-addr wildcard represents the source
IP address and the wildcard digit represented in dotted decimal notation. any
represents all source addresses.
fragment: Means this rule is effective only for fragment packets and is ignored
for non-fragment packets.
Parameters specific to advanced ACLs:
protocol: Specifies the protocol type, which is represented by a name or a
number. When it is a name, the value can be icmp, igmp, tcp, udp, ip, gre, ospf,
ipinip, etc. The value ip means all the Internet Protocols. When it is a number,
it ranges from 1 to 225.
source { source-addr wildcard | any }: source-addr wildcard means the source IP
address and the wildcard digit represented in dotted decimal notation. any means
all source addresses.
destination { dest-addr wildcard | any }: dest-addr wildcard means the
destination IP address and the wildcard digit represented in dotted decimal
notation. any means all destination addresses.
source-port operator port1 [port2]: Source port number of TCP or UDP used by the
packet. operator is the port operator, one of eq (equal), gt (greater than), lt
(less than), neq (not-equal), range (within this range). Note that this parameter
is only available when the parameter protocol is TCP or UDP. port1 [port2]:
Source port number of TCP or UDP used by the packet, notated by a mnemonic or a
number which ranges from 0 to 65535 inclusive. For the mnemonic values, please
refer to the mnemonic symbol table. The two parameters port1 and port2 appear
together only when the operator is "range"; the other operators need port1 only.
destination-port operator port1 [port2]: Destination port number of TCP or UDP
used by packets. For detailed description, please refer to source-port operator
port1 [port2].
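Added example (not from the 3Com manual): a Python model of the address and port parameters described above, which checks a port clause against the stated constraints and tests whether a packet matches a rule. It assumes the usual inverse-mask reading of wildcard (bits set to 1 are ignored) and an inclusive range, neither of which this page states; the rule dictionary layout, packet fields and function names are hypothetical, and ports are numeric only (no mnemonics).

```python
import ipaddress

# Operator -> number of port arguments; only "range" takes port1 and port2.
PORT_ARGS = {"eq": 1, "gt": 1, "lt": 1, "neq": 1, "range": 2}

def addr_matches(spec, addr):
    """spec is "any" or (address, wildcard), both in dotted decimal."""
    if spec == "any":
        return True
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wildcard & 0xFFFFFFFF  # assumption: wildcard 1-bits are ignored
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def port_clause_problems(protocol, clause):
    """List violations of the manual's constraints on (operator, port1[, port2])."""
    op, *ports = clause
    problems = []
    if protocol not in ("tcp", "udp"):
        problems.append("port clause needs protocol tcp or udp")
    if op not in PORT_ARGS:
        problems.append(f"unknown operator {op!r}")
    elif len(ports) != PORT_ARGS[op]:
        problems.append(f"{op} takes {PORT_ARGS[op]} port(s), got {len(ports)}")
    problems += [f"port {p} outside 0-65535" for p in ports if not 0 <= p <= 65535]
    return problems

def port_matches(clause, value):
    op, *ports = clause
    if op == "range":  # assumption: both ends of the range are inclusive
        return ports[0] <= value <= ports[1]
    return {"eq": value == ports[0], "gt": value > ports[0],
            "lt": value < ports[0], "neq": value != ports[0]}[op]

def rule_matches(rule, pkt):
    """True if the packet carries every property the rule specifies."""
    if rule["protocol"] not in ("ip", pkt["protocol"]):  # "ip" covers all protocols
        return False
    ports_ok = all(port_matches(rule[k], pkt[f]) for k, f in
                   (("source-port", "sport"), ("destination-port", "dport")) if k in rule)
    return (ports_ok and addr_matches(rule.get("source", "any"), pkt["src"])
            and addr_matches(rule.get("destination", "any"), pkt["dst"]))

# Constructed sample rule and packets (not taken from the manual).
RULE = {"action": "deny", "protocol": "tcp", "source": ("10.1.0.0", "0.0.255.255"),
        "destination": "any", "destination-port": ("range", 135, 139)}
PKT_HIT = {"protocol": "tcp", "src": "10.1.2.3", "dst": "192.0.2.10", "sport": 40000, "dport": 137}
PKT_MISS = dict(PKT_HIT, dport=443)

if __name__ == "__main__":
    print(rule_matches(RULE, PKT_HIT), rule_matches(RULE, PKT_MISS))
```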
icmp-type type code: Appears when protocol is icmp. type code specifies an ICMP
packet. type represents the type of ICMP packet, notated by a character or