3com 5500-ei pwr Reference Guide

Protocol     Protocol number    Offset when VLAN-VPN is    Offset when VLAN-VPN is
             in hexadecimal     not enabled on any port    enabled on a port
RARP         0x8035             16                         20
IP           0x0800             16                         20
IPX          0x8137             16                         20
AppleTalk    0x809B             16                         20
ICMP         0x01               27                         31
IGMP         0x02               27                         31
TCP          0x06               27                         31
UDP          0x11               27                         31
 
Examples 
# Create user-defined ACL 5000 and define rule 1 to deny all TCP packets (assuming that VLAN-VPN is
not enabled on any port). In the following rule command line, 06 is the protocol number of TCP, ff is
the rule mask, and 27 is the offset of the protocol field in an IP packet as the switch processes it
internally.
<Sysname> system-view 
System View: return to User View with Ctrl+Z. 
[Sysname] acl number 5000 
[Sysname-acl-user-5000] rule 1 deny 06 ff 27 
[Sysname-acl-user-5000] quit 
# Create user-defined ACL 5001 and define rule 1 to deny ARP packets sourced from 192.168.0.1
(assuming that VLAN-VPN is not enabled on any port). In the following rule command line, 0806 is the
protocol number of ARP, 16 is the offset of the protocol field in an Ethernet packet as the switch
processes it internally, c0a80001 is 192.168.0.1 in hexadecimal, and 32 is the offset of the source IP
address field in an ARP packet as the switch processes it internally.
[Sysname] acl number 5001 
[Sysname-acl-user-5001] rule 1 deny 0806 ffff 16 c0a80001 ffffffff 32 
[Sysname-acl-user-5001] quit 
# Create user-defined ACL 5002 and define rule 1, specifying a 32-byte rule string, a rule mask of all Fs, 
and an offset of 4. Then, apply the ACL to Ethernet 1/0/1.  
[Sysname] acl number 5002 
[Sysname-acl-user-5002] rule 1 deny 1234567890123456789012345678901234567890123456789012345678901234 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 4
[Sysname-acl-user-5002] quit 
[Sysname] interface Ethernet 1/0/1 
[Sysname-Ethernet1/0/1] packet-filter inbound user-group 5002
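
The rule syntax used in the examples above (rule string, rule mask and offset, repeated per field), as an added Python example that is not part of the 3Com guide. It builds the rule lines from the offset table and shows that a rule written with the non-VLAN-VPN offset no longer matches once the protocol byte sits at the VLAN-VPN offset. Assumptions: all function names are hypothetical, the mask is as long as the rule string (as in the page's examples), matching is a bytewise masked compare, and the buffers are constructed placeholders rather than real frames.

```python
import ipaddress

# name: (rule string, offset without VLAN-VPN, offset with VLAN-VPN on a port),
# copied from the table on this page.
PROTOCOLS = {
    "RARP": ("8035", 16, 20), "IP": ("0800", 16, 20),
    "IPX": ("8137", 16, 20), "AppleTalk": ("809b", 16, 20),
    "ICMP": ("01", 27, 31), "IGMP": ("02", 27, 31),
    "TCP": ("06", 27, 31), "UDP": ("11", 27, 31),
}

def proto_field(name, vlan_vpn=False):
    """(rule string, all-ones mask, offset) for a protocol in the table."""
    value, plain, vpn = PROTOCOLS[name]
    return value, "ff" * (len(value) // 2), vpn if vlan_vpn else plain

def ipv4_field(addr, offset):
    """Exact-match field for an IPv4 address, e.g. 192.168.0.1 -> c0a80001."""
    return ipaddress.IPv4Address(addr).packed.hex(), "ffffffff", offset

def parse(field):
    """Validate one field and return (value bytes, mask bytes, offset)."""
    value, mask, offset = field
    v, m = bytes.fromhex(value), bytes.fromhex(mask)  # ValueError on bad hex
    if not v or len(v) != len(m) or offset < 0:
        raise ValueError(f"bad field: {field!r}")
    return v, m, offset

def rule_command(rule_id, action, fields):
    """Render the `rule` line typed in user-defined ACL view."""
    for f in fields:
        parse(f)
    return f"rule {rule_id} {action} " + " ".join(f"{v} {m} {o}" for v, m, o in fields)

def matches(buf, fields):
    """Assumed semantics: each field equals the bytes at its offset under its mask."""
    for v, m, off in map(parse, fields):
        window = buf[off:off + len(v)]
        if len(window) < len(v) or any((w ^ x) & k for w, x, k in zip(window, v, m)):
            return False
    return True

def sample_buffer(proto_offset, proto=0x06, size=64):
    """Constructed zero-filled buffer with one protocol byte set; not a real frame."""
    buf = bytearray(size)
    buf[proto_offset] = proto
    return bytes(buf)
```

When VLAN-VPN is enabled on a port after such an ACL is deployed, regenerate the rules with `vlan_vpn=True` so the offsets follow the right-hand column of the table.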