3com 4210 User Manual

# Define a periodic time range that is from 8:00 to 18:00 on working days.

<3Com> system-view

[3Com] time-range test 8:00 to 18:00 working-day 

# Define advanced ACL 3000 to filter packets destined for the wage query server.

[3Com] acl number 3000

[3Com-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test

[3Com-acl-adv-3000] quit 

# Apply ACL 3000 to Ethernet 1/0/1.

[3Com] interface Ethernet 1/0/1

[3Com-Ethernet1/0/1] packet-filter inbound ip-group 3000 

#

acl number 3000

rule 1 deny IP destination 192.168.1.2 0 time-range test

#

interface Ethernet1/0/1

packet-filter inbound ip-group 3000 rule 1

#

time-range test 08:00 to 18:00 working-day

# 

■

ACL 3998 and ACL 3999 are reserved for cluster management.

■

If a packet matches multiple ACL rules at the same time and some actions of 
the rules conflict, the last assigned rule takes effective.

■

For an advanced ACL applied to a port, if a rule defines the TCP/UDP port 
information, the operator argument can only be eq.

■

When applying multiple rules, you are recommended to apply rules in the 
ascending order of their mask ranges and apply rues with the same mask range 
at the same time. This is to ensure that the actual operation of the rules is 
consistent with the requirements.

■

Some functions and protocols configured on the device may occupy ACL rule 
resources. The actual occupation varies with functions and protocols.

Ethernet frame header ACLs filter packets based on Layer 2 header information 
such as source and destination MAC addresses, 802.1p priority and type of the 
Layer 2 protocol.

The numbers of Ethernet frame header ACLs range from 4000 to 4999.

Switch 5500G

Release V03.02.04 

All versions 

Switch 4500

Release V03.03.00 

All versions