3Com S7906E Reference Guide
than the current highest rule ID. For example, if the rule numbering step is 5 and the current highest
rule ID is 28, the next rule will be numbered 30.
You may use the display acl command to verify rules configured in an ACL. If the match order for
this ACL is auto, rules are displayed in the depth-first match order rather than by rule number.
For a basic IPv4 ACL rule to be referenced by a QoS policy for traffic classification, the logging and
vpn-instance keywords are not supported.
Examples
# Create a rule to deny packets with the source IP address 1.1.1.1.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0
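The following is an added example, not part of the original guide: a small offline checker that parses basic IPv4 ACL rule lines, assigns automatic rule IDs with the numbering step described above, and reports which rule a given source address hits. It assumes the ACL is not in auto match order (rules are evaluated by rule number), that an empty ACL starts numbering at 0, and that a wildcard bit of 1 means "ignore this bit"; the function names and the sample rules are constructed for illustration.

```python
import ipaddress
import re

# rule [ rule-id ] { deny | permit } source { sour-addr sour-wildcard | any }
RULE_RE = re.compile(
    r"^rule(?:\s+(?P<id>\d+))?\s+(?P<action>deny|permit)"
    r"\s+source\s+(?:(?P<any>any)|(?P<addr>\S+)\s+(?P<wild>\S+))$"
)

def next_rule_id(existing_ids, step=5):
    """Smallest multiple of the step that is greater than the highest rule ID."""
    if not existing_ids:
        return 0  # assumption: numbering of an empty ACL starts at 0
    return (max(existing_ids) // step + 1) * step

def parse_acl(lines, step=5):
    """Return {rule_id: (action, address, wildcard)} for basic ACL rule lines."""
    rules = {}
    for line in lines:
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rid = int(m["id"]) if m["id"] else next_rule_id(rules, step)
        if m["any"]:
            addr, wild = 0, 0xFFFFFFFF  # every bit is "don't care"
        else:
            addr = int(ipaddress.IPv4Address(m["addr"]))
            # "0" is the shorthand used in the example above for a host match
            wild = 0 if m["wild"] == "0" else int(ipaddress.IPv4Address(m["wild"]))
        rules[rid] = (m["action"], addr, wild)
    return rules

def evaluate(rules, src):
    """Return (rule_id, action) of the first matching rule, or None if none match."""
    ip = int(ipaddress.IPv4Address(src))
    for rid in sorted(rules):
        action, addr, wild = rules[rid]
        # Bits set in the wildcard are ignored; all other bits must be equal.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return rid, action
    return None

# Constructed sample: an explicit rule 28, then a rule numbered automatically.
SAMPLE = ["rule 28 deny source 1.1.1.1 0", "rule permit source 1.1.1.0 0.0.0.255"]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE)
    for host in ("1.1.1.1", "1.1.1.7", "2.2.2.2"):
        print(host, evaluate(acl, host))
```

A result of None means no rule matched; what happens to such a packet depends on the feature that references the ACL.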
rule (in advanced IPv4 ACL view)
Syntax
rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } |
destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type icmp-code |
icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard |
any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance
vpn-instance-name ] *
undo rule rule-id [ destination | destination-port | dscp | fragment | icmp-type | logging |
precedence | reflective | source | source-port | time-range | tos | vpn-instance ] *
View
Advanced IPv4 ACL view
Default Level
2: System level
Parameters
rule-id: Advanced IPv4 ACL rule number in the range 0 to 65534.
deny: Defines a deny statement to drop matched packets.
permit: Defines a permit statement to allow matched packets to pass.
protocol: Protocol carried by IP. It can be a number in the range 0 to 255, or one of the keywords gre (47),
icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp (17).