3Com 8807 Reference Guide
CHAPTER 16: ACL COMMANDS
Use the acl command to create an ACL named "acl-name". The type of the ACL is
determined by the keyword: "advanced", "basic" or "link". After entering the
corresponding ACL view, whether the ACL is identified by a number or a name,
you can use the rule command to create rules for this ACL (use the quit command
to exit ACL view).
Use the match-order keyword to specify whether ACL rules are matched in
configuration order or in depth-first order (rules with a smaller range are
matched first). By default, configuration order is used. Once specified, the
matching order cannot be modified. To change it, you must delete all rules of
the ACL and then specify a matching order for it again.
Note:
The user-defined ACL matching order takes effect only when multiple rules of one
ACL are applied at the same time. For example, suppose an ACL has two rules. If
the two rules are not applied simultaneously, the switch still matches them
according to their application order, even if you configure the matching order
to be depth-first.
If one rule in an ACL is a subset of another rule, it is recommended to apply
the rules according to the range of packets they specify: apply the rule with
the smallest range of specified data packets first, and then apply the other
rules following the same principle.
If any ACL is in use, you cannot use the undo acl all command to delete any ACL.
Related command: rule.
Example
# Specify depth-first order as the match order of ACL number 2000.
<SW8800> system-view
System View: return to User View with Ctrl+Z.
[SW8800] acl number 2000 match-order auto
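The effect of the match-order choice described above, shown as an added example that is not part of the 3Com guide: a simplified Python model of a source-only ACL, assuming depth-first means "smaller source range first, ties in configuration order". The rule set and function names are constructed for illustration, and the shadowed() check reports rules that can never match in a given order.

```python
import ipaddress

# Constructed sample rules in configuration order: (rule id, action, source range).
RULES = [
    (0, "permit", "10.0.0.0/8"),
    (1, "deny",   "10.1.0.0/16"),
    (2, "permit", "10.1.1.5/32"),
]

def ordered(rules, match_order="config"):
    """Return rules in evaluation order.
    'config' keeps configuration order; 'auto' models depth-first order
    (assumption: smaller source range first, ties keep configuration order)."""
    parsed = [(rid, act, ipaddress.ip_network(src)) for rid, act, src in rules]
    if match_order == "auto":
        # sorted() is stable, so equal-sized ranges stay in configuration order.
        return sorted(parsed, key=lambda r: r[2].num_addresses)
    return parsed

def evaluate(rules, src_ip, match_order="config"):
    """Return (rule id, action) of the first matching rule, or None."""
    ip = ipaddress.ip_address(src_ip)
    for rid, act, net in ordered(rules, match_order):
        if ip in net:
            return rid, act
    return None

def shadowed(rules, match_order="config"):
    """Rule ids that can never match because an earlier rule covers them."""
    seq = ordered(rules, match_order)
    return [rid for i, (rid, _, net) in enumerate(seq)
            if any(net.subnet_of(prev) for _, _, prev in seq[:i])]

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, "10.1.2.3 ->", evaluate(RULES, "10.1.2.3", order),
              "| shadowed rules:", shadowed(RULES, order))
```

In configuration order the broad permit in rule 0 hides both narrower rules, which is the situation the subset note above warns about.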
display acl config
Syntax
display acl config { all | acl-number | acl-name }
View
Any view
Parameter
all: Displays all ACLs (both number- and name-identified ones).
acl-number: Serial number of the ACL to be displayed, in the range of 2000 to
4999.
acl-name: Name of the ACL to be displayed. A string that must start with an
English letter ([a-z, A-Z]) and must not contain spaces.
Description
Use the display acl config command to view the configuration details of the
ACL, including all the rules, their serial numbers, and the quantity and number
of bytes of matched packets.