3com 8807 Reference Guide
ACL Commands
225
<SW8800> reset acl counter 2000
rule
Syntax
Define or delete the subrules of a basic ACL
rule [ rule-id ] { permit | deny } [ source { source-addr wildcard | any } | fragment
| time-range name | vpn-instance instance-name ]*
| time-range name | vpn-instance instance-name ]*
undo rule rule-id [ source | fragment | time-range | vpn-instance
instance-name ]*
instance-name ]*
Define or delete the subrules of an advanced ACL
rule [ rule-id ] { permit | deny } protocol [ source { source-addr wildcard | any } ] [
destination { dest-addr wildcard | any } ] [ source-port operator port1 [ port2 ] ]
[ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [
established ] [ [ precedence precedence | tos tos ]* | dscp dscp ] [ fragment ] [
bt-flag ] [ time-range name ] [ vpn-instance instance-name ]
destination { dest-addr wildcard | any } ] [ source-port operator port1 [ port2 ] ]
[ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [
established ] [ [ precedence precedence | tos tos ]* | dscp dscp ] [ fragment ] [
bt-flag ] [ time-range name ] [ vpn-instance instance-name ]
undo rule rule-id [ source | destination | source-port | destination-port |
icmp-type | precedence | tos | dscp | fragment | bt-flag | time-range |
vpn-instance ]*
icmp-type | precedence | tos | dscp | fragment | bt-flag | time-range |
vpn-instance ]*
Define or delete the rules of a Layer 2 ACL
rule [ rule-id ] { permit | deny } [ cos cos-value | c-tag-cos c-cos-value | exp
exp-value | protocol-type | mac-type { any-broadcast-packet |
arp-broadcast-packet | non-arp-broadcast-packet | { { unicast-packet |
multicast-packet } [ known | unknown ] } } | ingress { { source-vlan-id [ to
source-vlan-id-end ] | source-mac-addr source-mac-wildcard | c-tag-vlan
c-tag-vlanid }* | any } | egress { dest-mac-addr dest-mac-wildcard | any } |
s-tag-vlan s-tag-vlanid | time-range name ]*
exp-value | protocol-type | mac-type { any-broadcast-packet |
arp-broadcast-packet | non-arp-broadcast-packet | { { unicast-packet |
multicast-packet } [ known | unknown ] } } | ingress { { source-vlan-id [ to
source-vlan-id-end ] | source-mac-addr source-mac-wildcard | c-tag-vlan
c-tag-vlanid }* | any } | egress { dest-mac-addr dest-mac-wildcard | any } |
s-tag-vlan s-tag-vlanid | time-range name ]*
undo rule rule-id
View
Corresponding ACL view
Parameter
rule-id: Specifies a rule number of the ACL, in the range of 0 to 127
permit: Allows qualified packets to pass.
deny: Forbids qualified packets to pass.
c
CAUTION: If the rule command includes the deny key word, the rule created can
be used for the packet-filter command and the traffic-statistic command only.
be used for the packet-filter command and the traffic-statistic command only.
time-range name: Time range name, optional parameter. It means the rule takes
effect in this time range.
effect in this time range.
n
The following parameters are for the attributes of the packet. The ACL generates
rules according to these attribute parameters.
rules according to these attribute parameters.
■
Parameters specific to basic ACLs: