3Com 3031 Installation Instructions

CHAPTER 58: ACL CONFIGURATION
the wildcard is, the smaller the specified host range. For example, 129.102.1.1 0.0.0.0 specifies a host: 129.102.1.1, while 129.102.1.1 0.0.255.255 specifies a network segment: from 129.102.1.1 to 129.102.255.255. The former is therefore put first in the access control rule list. The detailed standard is as follows. For basic access control rules, compare the source address wildcards directly; rules that share the same wildcard are arranged according to configuration sequence. For interface-based access control rules, the rule configured with “any” is put last, and the others are arranged according to configuration sequence. For advanced access control rules, compare the source address wildcards first. If they are the same, compare the destination address wildcards. If those are also the same, compare the port number ranges and put the rules with smaller ranges before the others. If the port number ranges are still the same, arrange the rules according to configuration sequence.
The display acl command can be used to verify which rule takes effect first. In the output, the rule that is listed first takes effect first.
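The ordering described above, for basic and advanced rules, as an added Python example (not code from the manual or from the router). The Rule class, the sample rules, and the choice to measure a wildcard by its number of don't-care bits are assumptions of this sketch. It shows that the same rule set gives a different first-match result under the config and auto match orders.

```python
import ipaddress
from dataclasses import dataclass

def ip(s):
    return int(ipaddress.IPv4Address(s))

@dataclass(frozen=True)
class Rule:                              # hypothetical model of one ACL rule
    seq: int                             # configuration sequence (order typed in)
    action: str                          # "permit" or "deny"
    src: str
    src_wild: str
    dst: str = "0.0.0.0"
    dst_wild: str = "255.255.255.255"    # default: any destination
    ports: tuple = (0, 65535)            # inclusive port range, default: any port

    def matches(self, src, dst, port):
        def hit(addr, base, wild):
            care = ~ip(wild) & 0xFFFFFFFF    # wildcard 1-bits are "don't care"
            return ip(addr) & care == ip(base) & care
        return (hit(src, self.src, self.src_wild)
                and hit(dst, self.dst, self.dst_wild)
                and self.ports[0] <= port <= self.ports[1])

def wild_bits(wild):
    # Assumption: a "smaller" wildcard is one with fewer don't-care bits.
    return bin(ip(wild)).count("1")

def order(rules, match_order="config"):
    if match_order == "config":
        return sorted(rules, key=lambda r: r.seq)
    # auto ("depth priority"): source wildcard, destination wildcard,
    # port range width, then configuration sequence as the tie-breaker.
    return sorted(rules, key=lambda r: (wild_bits(r.src_wild), wild_bits(r.dst_wild),
                                        r.ports[1] - r.ports[0], r.seq))

def decide(rules, match_order, src, dst, port):
    for r in order(rules, match_order):
        if r.matches(src, dst, port):
            return r.action, r.seq       # first matching rule wins
    return None                          # no rule matched; not modelled here

# Constructed rule set: the broad deny is typed first, the host rules after it.
RULES = [
    Rule(0, "deny", "129.102.0.0", "0.0.255.255"),
    Rule(1, "permit", "129.102.1.1", "0.0.0.0"),
    Rule(2, "deny", "129.102.1.1", "0.0.0.0", ports=(23, 23)),
]

if __name__ == "__main__":
    for mode in ("config", "auto"):
        print(mode, [r.seq for r in order(RULES, mode)],
              decide(RULES, mode, "129.102.1.1", "10.0.0.1", 80))
```

Under config order the host permit in rule 1 is never reached because the broad deny typed before it matches first; under auto order the narrower rules are evaluated first.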
ACL Creation
An ACL is essentially a series of rule lists that consist of permit | deny statements. Several rule lists constitute an ACL. Before configuring the rules of an ACL, you need to create the ACL first.
The following parameters need to be specified to create an ACL:
Number-typed ACL 
Specify the match order of the ACL
The following command can be used to create an ACL:
acl { number acl-number } [ match-order { config | auto } ]
The following command can be used to delete an ACL:
undo acl { number acl-number | all }
Parameter description:
number acl-number: Specify a number-typed ACL.
acl-number: Number of the ACL, see Table 877 for ranges.
match-order config: Specify to match rules according to the configuration sequence of the user.
match-order auto: Specify to match rules by system automatic sequencing, namely in “depth priority” sequence.
all: Delete all configured ACLs.
By default, the match order is the configuration sequence of the user, that is, config is in use. Once the match order of an ACL has been specified, it cannot be changed unless the user deletes all the contents of the ACL and specifies its match order again.
After an ACL is created, you can enter ACL view. ACL views are classified according to the application purpose of the ACL. For example, advanced ACL view can be entered by creating a number-typed ACL numbered 3000. The following is the router prompt:
[3Com-acl-adv-3000]