3com 8807 사용자 가이드
176
C
HAPTER
21: ACL C
ONFIGURATION
For service processor cards, perform the following configurations in VLAN view.
system-index index here is the system index for an ACL rule. When delivering a
rule, the system assigns a globally unique index to it, for convenience of later
retrieval. You can also assign a system index for it when delivering an ACL rule
with this command, but the index value may change while the system is running.
You are not recommended to assign a system index if not urgently necessary.
rule, the system assigns a globally unique index to it, for convenience of later
retrieval. You can also assign a system index for it when delivering an ACL rule
with this command, but the index value may change while the system is running.
You are not recommended to assign a system index if not urgently necessary.
Displaying and
Debugging ACL
Configurations
Debugging ACL
Configurations
After these configurations are completed, you can use the display command in
any view to view ACL running to check configuration result. You can clear ACL
statistics using the display command in user view.
any view to view ACL running to check configuration result. You can clear ACL
statistics using the display command in user view.
Deactivate IP group ACL
undo packet-filter inbound ip-group { acl-number
| acl-name } [ rule rule ]
| acl-name } [ rule rule ]
Activate IP group ACL and link group
ACL at same time
ACL at same time
packet-filter inbound ip-group { acl-number |
acl-name } { rule rule link-group { acl-number |
acl-name } [ rule rule [ system-index index ] ] |
link-group { acl-number | acl-name } rule rule }
acl-name } { rule rule link-group { acl-number |
acl-name } [ rule rule [ system-index index ] ] |
link-group { acl-number | acl-name } rule rule }
Deactivate IP group ACL and link group
ACL at same time
ACL at same time
undo packet-filter inbound ip-group { acl-number
| acl-name } { rule rule link-group { acl-number |
acl-name } [ rule rule ] | link-group { acl-number |
acl-name } rule rule }
| acl-name } { rule rule link-group { acl-number |
acl-name } [ rule rule ] | link-group { acl-number |
acl-name } rule rule }
Activate link group ACL
packet-filter inbound link-group { acl-number |
acl-name } [ rule rule [ system-index index ] ]
acl-name } [ rule rule [ system-index index ] ]
Deactivate link group ACL
undo packet-filter inbound link-group {
acl-number | acl-name } [ rule rule ]
acl-number | acl-name } [ rule rule ]
Table 155 Activate ACL
Operation
Command
Activate ip group ACL
packet-filter inbound ip-group {
acl-number | acl-name } [ rule rule] [
system-index index] slot slotid
acl-number | acl-name } [ rule rule] [
system-index index] slot slotid
Deactivate ip group ACL
undo packet-filter inbound ip-group {
acl-number | acl-name } [ rule rule ] slot slotid
acl-number | acl-name } [ rule rule ] slot slotid
Table 154 Activate ACL
Operation Command
Table 156 Display and debug ACL configurations
Operation
Command
Display the configuration and status of the
current time range
current time range
display time-range { all | name }
Display ACL configuration
display acl config { all | acl-number |
acl-name }
acl-name }
Display the total number of ACL rules applied
on the specified card
on the specified card
display acl remaining entry slot slotid
Display ACL application information
display acl running-packet-filter { all |
interface interface-type interface-number |
vlan vlan-id }
interface interface-type interface-number |
vlan vlan-id }
Display the configuration information of the
flow template
flow template
display flow-template [ default | interface
interface-type interface-number | slot slotid |
user-defined ]
interface-type interface-number | slot slotid |
user-defined ]