3Com S7906E Reference Guide

than the current highest rule ID. For example, if the rule numbering step is 5 and the current highest 
rule ID is 28, the next rule will be numbered 30.  
You may use the display acl command to verify rules configured in an ACL. If the match order for 
this ACL is auto, rules are displayed in the depth-first match order rather than by rule number.  
 
 
For a basic IPv4 ACL rule to be referenced by a QoS policy for traffic classification, the logging and 
vpn-instance keywords are not supported. 
 
Examples 
# Create a rule to deny packets with the source IP address 1.1.1.1.  
<Sysname> system-view 
[Sysname] acl number 2000 
[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0 
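
The following Python model is an added example, not part of the 3Com manual. It assigns rule IDs with the numbering step described above and evaluates basic IPv4 ACL rules against a source address. It assumes the config match order (ascending rule ID), that numbering starts at 0 in an empty ACL, and that a wildcard bit of 0 means the corresponding address bit must match; the function names and sample rules are constructed for illustration.

```python
import ipaddress

def next_rule_id(existing_ids, step=5):
    """Smallest multiple of step above the highest existing ID (assumed 0 if empty)."""
    return (max(existing_ids) // step + 1) * step if existing_ids else 0

def _to_int(text):
    """Accept a dotted quad or the bare-integer shorthand, as in 'source 1.1.1.1 0'."""
    return int(text) if text.isdigit() else int(ipaddress.IPv4Address(text))

def build_acl(lines, step=5):
    """Parse 'rule [rule-id] {deny|permit} source {addr wildcard | any}' lines."""
    acl = {}
    for line in lines:
        tok = line.split()
        if not tok or tok[0] != "rule":
            raise ValueError(f"not a rule line: {line!r}")
        tok = tok[1:]
        if tok and tok[0].isdigit():          # explicit rule ID
            rule_id, tok = int(tok[0]), tok[1:]
        else:                                 # automatic numbering by step
            rule_id = next_rule_id(acl, step)
        if len(tok) < 3 or tok[0] not in ("deny", "permit") or tok[1] != "source":
            raise ValueError(f"unsupported rule: {line!r}")
        if tok[2] == "any":
            addr, wild = 0, 0xFFFFFFFF        # every bit is "don't care"
        elif len(tok) >= 4:
            addr, wild = _to_int(tok[2]), _to_int(tok[3])
        else:
            raise ValueError(f"missing wildcard: {line!r}")
        acl[rule_id] = (tok[0], addr, wild)
    return acl

def evaluate(acl, src_ip):
    """Return (rule_id, action) of the first matching rule, or None if none match."""
    src = int(ipaddress.IPv4Address(src_ip))
    for rule_id in sorted(acl):               # config order: ascending rule ID
        action, addr, wild = acl[rule_id]
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return rule_id, action
    return None

# Constructed sample rules (only the first one appears in the manual).
CONFIG = [
    "rule deny source 1.1.1.1 0",
    "rule 28 permit source 1.1.1.0 0.0.0.255",
    "rule deny source any",
]

if __name__ == "__main__":
    acl = build_acl(CONFIG)
    for ip in ("1.1.1.1", "1.1.1.7", "2.2.2.2"):
        print(ip, evaluate(acl, ip))
```
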
rule (in advanced IPv4 ACL view) 
Syntax 
rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } |
destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type icmp-code |
icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard |
any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance
vpn-instance-name ] *
undo rule rule-id [ destination | destination-port | dscp | fragment | icmp-type | logging |
precedence | reflective | source | source-port | time-range | tos | vpn-instance ] *
View 
Advanced IPv4 ACL view  
Default Level 
2: System level 
Parameters 
rule-id: Advanced IPv4 ACL rule number in the range 0 to 65534.  
deny: Defines a deny statement to drop matched packets.  
permit: Defines a permit statement to allow matched packets to pass.  
protocol: Protocol carried by IP. It can be a number in the range 0 to 255, or in words, gre (47), icmp (1),
igmp (2), ip, ipinip (4), ospf (89), tcp (6), udp (17).