3com 4210 PWR 9-Port 3CR17341-91-ME User Manual
Product codes
3CR17341-91-ME
ACL Configuration
Configuration Procedure
Note that:
■ With the config match order specified for the basic ACL, you can modify any existing rule. The unmodified part of the rule remains. With the auto match order specified for the basic ACL, you cannot modify any existing rule; otherwise the system displays an error message.
■ If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered automatically. If the ACL has no rules, the rule is numbered 0; otherwise, it is the maximum rule number plus one.
■ The content of a modified or created rule cannot be identical to the content of any existing rule; otherwise the rule modification or creation will fail, and the system prompts that the rule already exists.
■ With the auto match order specified, newly created rules are inserted among the existing ones by the depth-first principle, but the numbers of the existing rules are unaltered.
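The notes above, modelled in Python as an added example (not 3Com code and not switch output), to show how match order decides whether a host deny is shadowed by a broader permit. Assumptions: config order evaluates rules by ascending rule-id, depth-first for a basic ACL tries the rule with the fewest wildcard bits first, and the names `BasicAcl`, `rule`, `evaluation_order`, `first_match` and `build` are hypothetical.

```python
from ipaddress import IPv4Address

class BasicAcl:
    """Model of the basic-ACL rule bookkeeping in the notes (not switch code)."""

    def __init__(self, match_order="config"):
        self.match_order = match_order      # "config" or "auto"
        self.rules = {}                     # rule-id -> (action, source, wildcard)

    def rule(self, action, source, wildcard="0.0.0.0", rule_id=None):
        # Wildcard "0.0.0.0" stands for the host wildcard written as 0 on the CLI.
        content = (action, int(IPv4Address(source)), int(IPv4Address(wildcard)))
        if rule_id in self.rules and self.match_order == "auto":
            raise ValueError("auto match order: existing rule cannot be modified")
        if content in self.rules.values():
            raise ValueError("the rule already exists")
        if rule_id is None:
            # No rules yet -> 0; otherwise maximum rule number plus one.
            rule_id = max(self.rules, default=-1) + 1
        self.rules[rule_id] = content
        return rule_id

    def evaluation_order(self):
        ids = sorted(self.rules)            # assumption: config order = ascending rule-id
        if self.match_order == "auto":
            # Assumption: depth-first tries the narrowest source range first
            # (fewest wildcard bits); the rule numbers themselves are unaltered.
            ids.sort(key=lambda i: bin(self.rules[i][2]).count("1"))
        return ids

    def first_match(self, address):
        addr = int(IPv4Address(address))
        for rule_id in self.evaluation_order():
            action, source, wildcard = self.rules[rule_id]
            if (addr ^ source) & ~wildcard & 0xFFFFFFFF == 0:
                return rule_id, action
        return None                         # no rule matched


def build(match_order):
    # Constructed sample: a broad permit entered before the host deny used for ACL 2000.
    acl = BasicAcl(match_order)
    acl.rule("permit", "192.168.0.0", "0.0.0.255")
    acl.rule("deny", "192.168.0.1")
    return acl

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, build(order).first_match("192.168.0.1"))
```

When auditing a config-order ACL, check each deny against every lower-numbered permit that covers the same source, since the first matching rule decides the packet.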
Configuration Example
# Configure ACL 2000 to deny packets whose source IP address is 192.168.0.1.
<4210> system-view
[4210] acl number 2000
[4210-acl-basic-2000] rule deny source 192.168.0.1 0
# Display the configuration information of ACL 2000.
[4210-acl-basic-2000] display acl 2000
Basic ACL 2000, 1 rule
Acl’s step is 1
rule 0 deny source 192.168.0.1 0
Configuring Advanced ACL
An advanced ACL can filter packets by their source and destination IP addresses, the protocols carried by IP, and protocol-specific features such as TCP/UDP source and destination ports, ICMP message type and message code.
Table 217 Define a basic ACL rule

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Create an ACL and enter basic ACL view | acl number acl-number [ match-order { auto \| config } ] | Required. config by default. |
| Define an ACL rule | rule [ rule-id ] { deny \| permit } [ rule-string ] | Required. For information about rule-string, refer to the ACL command in the Switch 4210 Command Reference Guide. |
| Configure a description string to the ACL | description text | Optional. Not configured by default. |