3com MSR 20-20 Reference Manual
CHAPTER 138: IPv4 ACL CONFIGURATION COMMANDS
rule (in advanced IPv4 ACL view)
Syntax
rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard |
any } | destination-port operator port1 [ port2 ] | dscp dscp | established | fragment |
icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence
| reflective | source { sour-addr sour-wildcard | any } | source-port operator port1
[ port2 ] | time-range time-name | tos tos | vpn-instance vpn-instance-name ] *
undo rule rule-id [ destination | destination-port | dscp | established | fragment |
icmp-type | logging | precedence | reflective | source | source-port | time-range | tos |
vpn-instance ] *
View
Advanced IPv4 ACL view
Parameter
rule-id: Advanced IPv4 ACL rule number in the range 0 to 65534.
deny: Defines a deny statement to drop matched packets.
permit: Defines a permit statement to allow matched packets to pass.
protocol: Protocol carried by IP. It can be a number in the range 0 to 255, or in
words, gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), udp (17).
Table 546 Parameters for advanced IPv4 ACL rules

Parameter: source { sour-addr sour-wildcard | any }
Function: Specifies a source address.
Description: The sour-addr sour-wildcard argument specifies a source IP address in dotted decimal notation. Setting the wildcard to a zero indicates a host address. The any keyword indicates any source IP address.

Parameter: destination { dest-addr dest-wildcard | any }
Function: Specifies a destination address.
Description: The dest-addr dest-wildcard argument specifies a destination IP address in dotted decimal notation. Setting the dest-wildcard to a zero indicates a host address. The any keyword indicates any destination IP address.

Parameter: precedence precedence
Function: Specifies an IP precedence value.
Description: The precedence argument can be a number in the range 0 to 7, or in words, routine, priority, immediate, flash, flash-override, critical, internet, or network.

Parameter: tos tos
Function: Specifies a ToS preference.
Description: The tos argument can be a number in the range 0 to 15, or in words, max-reliability (2), max-throughput (4), min-delay (8), min-monetary-cost (1), or normal (0).

Parameter: dscp dscp
Function: Specifies a DSCP priority.
Description: The dscp argument can be a number in the range 0 to 63, or in words, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef.

Parameter: logging
Function: Specifies to log matched packets.
Description: The log provides information about ACL rule number, whether packets are permitted or dropped, upper layer protocol that IP carries, source/destination address, source/destination port number, and number of packets.
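
The wildcard semantics behind the source and destination parameters, as an added Python example that is not part of the 3Com manual: a 0 bit in the wildcard must match the address and a 1 bit is ignored. The function names and sample rules are constructed for illustration, and only the rule-id, action, protocol keyword, source and destination fields of the syntax are parsed.

```python
import ipaddress

def _ip(text):
    # The manual allows a bare 0 as the wildcard for a host address.
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))

def wildcard_match(addr, base, wildcard):
    """0 bits in the wildcard must equal base; 1 bits are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_rule(line):
    """Parse: rule [rule-id] {deny|permit} protocol [source ..] [destination ..]"""
    tok = line.split()
    if tok[0] != "rule":
        raise ValueError("not a rule command")
    i = 1
    rule = {"id": None, "source": None, "destination": None}
    if tok[i].isdigit():
        rule["id"] = int(tok[i])
        i += 1
    rule["action"], rule["protocol"] = tok[i], tok[i + 1]
    i += 2
    while i < len(tok):
        if tok[i] not in ("source", "destination"):
            raise ValueError(f"keyword not handled in this example: {tok[i]}")
        if tok[i + 1] == "any":
            rule[tok[i]] = ("0.0.0.0", "255.255.255.255")
            i += 2
        else:
            rule[tok[i]] = (tok[i + 1], tok[i + 2])
            i += 3
    return rule

def rule_matches(rule, proto, src, dst):
    """True if a packet (protocol keyword, source IP, destination IP) hits the rule."""
    if rule["protocol"] not in ("ip", proto):
        return False
    for field, addr in (("source", src), ("destination", dst)):
        if rule[field] and not wildcard_match(addr, *rule[field]):
            return False
    return True

# Constructed sample rules (private and documentation address ranges).
HOST = parse_rule("rule 0 permit tcp source 10.1.1.1 0 destination any")
NET = parse_rule("rule 5 deny ip source 10.1.1.0 0.0.0.255")
# Common mistake: a subnet mask typed where the wildcard belongs.
WRONG = parse_rule("rule 10 deny ip source 10.1.1.0 255.255.255.0")
```

With the subnet mask in the wildcard position, rule 10 ignores the first three octets and compares only the last one, so it misses 10.1.1.77 and instead hits any address ending in .0.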