3com 8807 User Guide
ACL Configuration Tasks
175

Table 152 Define advanced ACL (continued)
Operation                                      Command
Delete an ACL rule (advanced ACL view)
    undo rule rule-id [ source | destination | source-port | destination-port |
    icmp-type | precedence | tos | dscp | fragment | bt-flag | time-range |
    vpn-instance ]*
Delete an ACL or all ACLs (system view)
    undo acl { number acl-number | name acl-name | all }

CAUTION:
■ The port1 and port2 parameters in the command listed in Table 152 are TCP/UDP ports of higher-layer applications. For some well-known ports you can use a mnemonic keyword in place of the port number; for example, "bgp" stands for TCP port 179, the port used by the BGP protocol.
■ Rules that specify bt-flag cannot be referenced by the traffic-redirect command.

Defining Layer 2 ACLs
Layer 2 ACLs match on Layer 2 information such as source and destination MAC addresses, source VLAN ID, and Layer 2 protocol type in their rules, and process packets according to these attributes.
Perform the following configurations in the specified view.

Table 153 Define Layer 2 ACLs
Operation                                      Command
Enter Layer 2 ACL view (system view)
    acl { number acl-number | name acl-name link } [ match-order { config | auto } ]
Define an ACL rule (Layer 2 ACL view)
    rule [ rule-id ] { permit | deny } [ cos cos-value | c-tag-cos c-cos-value |
    exp exp-value | protocol-type | mac-type { any-broadcast-packet |
    arp-broadcast-packet | non-arp-broadcast-packet | { { unicast-packet |
    multicast-packet } [ known | unknown ] } } | ingress { { source-vlan-id
    [ to source-vlan-id-end ] | source-mac-addr source-mac-wildcard |
    c-tag-vlan c-tag-vlanid }* | any } | egress { dest-mac-addr
    dest-mac-wildcard | any } | s-tag-vlan s-tag-vlanid | time-range name ]*
Delete an ACL rule (Layer 2 ACL view)
    undo rule rule-id
Delete an ACL or all ACLs (system view)
    undo acl { number acl-number | name acl-name | all }

Activating ACL
After defining an ACL, you must activate it. Activating an ACL applies it to the hardware forwarding path, where it filters or classifies the packets the switch forwards.
For interface cards, perform the following configurations in Ethernet port view.

Table 154 Activate ACL
Operation                                      Command
Activate IP group ACL
    packet-filter inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ]
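The ingress/egress part of the Table 153 rule command is where Layer 2 ACLs most often go wrong: the second MAC operand is a wildcard, not a subnet-style mask, and rule order decides the outcome once several rules overlap. The following simulator is an added example, not code from the 3Com 8807 guide or from 3Com: it renders rules in the Table 153 syntax and evaluates constructed frames against them so a ruleset can be sanity-checked before it is typed into the switch. It assumes, since the page does not say so, that MAC addresses are written xxxx-xxxx-xxxx, that a 1 bit in the wildcard means "ignore this bit", and that match-order config evaluates rules in the order they were entered with the first match winning; all names in the block (Frame, L2Rule, prefix_wildcard, evaluate) are the example's own.

```python
# Added example, not code from the 3Com 8807 guide: a small simulator for the
# Layer 2 ACL rules of Table 153, used to check a ruleset before pushing it to
# a switch. Assumptions not stated on the page: MAC addresses are written
# xxxx-xxxx-xxxx, a 1 bit in the wildcard means "ignore this bit", and
# match-order config evaluates rules in the order entered, first match wins.
from dataclasses import dataclass
from typing import Optional

MAC_MASK = (1 << 48) - 1


def mac_to_int(mac: str) -> int:
    """Parse xxxx-xxxx-xxxx (colons and dots also accepted) into a 48-bit int."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(digits, 16)


def int_to_mac(value: int) -> str:
    """Format a 48-bit int in the xxxx-xxxx-xxxx notation assumed above."""
    h = f"{value & MAC_MASK:012x}"
    return f"{h[0:4]}-{h[4:8]}-{h[8:12]}"


def prefix_wildcard(fixed_bits: int) -> str:
    """Wildcard that fixes the first `fixed_bits` bits and ignores the rest.
    prefix_wildcard(24) gives 0000-00ff-ffff, i.e. match a whole OUI."""
    if not 0 <= fixed_bits <= 48:
        raise ValueError("fixed_bits must be 0..48")
    return int_to_mac((1 << (48 - fixed_bits)) - 1)


def mac_matches(frame_mac: str, rule_mac: str, wildcard: str) -> bool:
    """True when every bit not ignored by the wildcard is equal."""
    care = ~mac_to_int(wildcard) & MAC_MASK
    return (mac_to_int(frame_mac) ^ mac_to_int(rule_mac)) & care == 0


@dataclass
class Frame:
    """Constructed test input: the Layer 2 fields a rule can inspect here."""
    src_mac: str
    dst_mac: str
    vlan: int


@dataclass
class L2Rule:
    """One Table 153 `rule` line, restricted to the ingress/egress keywords."""
    action: str                         # "permit" or "deny"
    rule_id: Optional[int] = None
    src_vlan: Optional[int] = None      # ingress source-vlan-id
    src_vlan_end: Optional[int] = None  # ... [ to source-vlan-id-end ]
    src_mac: Optional[str] = None       # ingress source-mac-addr
    src_wildcard: str = "0000-0000-0000"  # exact match unless overridden
    dst_mac: Optional[str] = None       # egress dest-mac-addr
    dst_wildcard: str = "0000-0000-0000"

    def matches(self, f: Frame) -> bool:
        if self.src_vlan is not None:
            end = self.src_vlan if self.src_vlan_end is None else self.src_vlan_end
            if not self.src_vlan <= f.vlan <= end:
                return False
        if self.src_mac is not None and not mac_matches(f.src_mac, self.src_mac, self.src_wildcard):
            return False
        if self.dst_mac is not None and not mac_matches(f.dst_mac, self.dst_mac, self.dst_wildcard):
            return False
        return True

    def cli(self) -> str:
        """Render the rule in the Table 153 command syntax."""
        words = ["rule"]
        if self.rule_id is not None:
            words.append(str(self.rule_id))
        words.append(self.action)
        ingress = []
        if self.src_vlan is not None:
            ingress.append(str(self.src_vlan))
            if self.src_vlan_end is not None:
                ingress += ["to", str(self.src_vlan_end)]
        if self.src_mac is not None:
            ingress += [self.src_mac, self.src_wildcard]
        if ingress:
            words += ["ingress", *ingress]
        if self.dst_mac is not None:
            words += ["egress", self.dst_mac, self.dst_wildcard]
        return " ".join(words)


def evaluate(rules: list, frame: Frame) -> Optional[str]:
    """First-match evaluation (match-order config as assumed above). Returns
    "permit", "deny", or None when no rule matches; what the switch does with
    unmatched traffic is not covered by this page."""
    for rule in rules:
        if rule.matches(frame):
            return rule.action
    return None


# Constructed ruleset: drop frames from one vendor OUI on VLANs 10-20 and
# allow one specific station from any VLAN. The OUI value is made up.
RULES = [
    L2Rule("deny", rule_id=0, src_vlan=10, src_vlan_end=20,
           src_mac="000f-e200-0000", src_wildcard=prefix_wildcard(24)),
    L2Rule("permit", rule_id=1, src_mac="0011-2233-4455"),
]

if __name__ == "__main__":
    for r in RULES:
        print(r.cli())
    print(evaluate(RULES, Frame("000f-e2ab-cdef", "ffff-ffff-ffff", 15)))
```

The rendered lines are what you would enter after `acl name <acl-name> link match-order config` from Table 153; swapping the two rules changes the verdict for a station whose MAC falls in the denied OUI, which is exactly the ordering mistake the simulator is meant to expose before the ACL is activated.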