3Com 10014298 Switch User Manual

Configuring ACLs 153
Perform the following configuration in the designated view.
An advanced ACL is identified by a number in the range 3000 to 3999.
Note that port1 and port2 in this command specify the TCP or UDP ports used by
various higher-layer applications. For some common port numbers, you can use the
mnemonic symbols as a shortcut.
When you configure the rule, the following parameters are not supported by the
switch: icmp-type type-code, tos tos, fragment.
When you configure the TCP/UDP port parameter, the following restrictions apply:
- If you use the operator gt, the value of parameter port1 can only be 32767.
- If you use the operator lt, the value of parameter port1 must be a power of 2,
  i.e. 2^n.
- The switch does not support the operator neq.
- If you use the operator range, the parameters port1 and port2 (with
  port_range = port2 - port1 + 1) must satisfy both of these rules:
  - port_range is a power of 2.
  - port1 is a multiple of port_range.
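As an added example (not part of this manual and not 3Com code), the following Python helper pre-checks a source-port/destination-port clause against the restrictions listed above and emits the rule line in the syntax of Table 165. The rule id, protocol and port values are constructed sample input, and treating eq as unrestricted is an assumption, since the page states no restriction for it.

```python
# Added example: validate an advanced ACL port clause before committing it
# to the switch. The restrictions are the ones this manual page lists; the
# sample rule values below are constructed, not taken from a real device.

def is_power_of_two(n):
    return n > 0 and (n & (n - 1)) == 0

def check_port_operator(operator, port1, port2=None):
    """Return (ok, reason) for a 'source-port/destination-port operator port1 [port2]' clause."""
    if not 0 <= port1 <= 65535:
        return False, "port1 must be 0-65535"
    if operator == "eq":            # assumption: page states no restriction for eq
        return True, "ok"
    if operator == "neq":
        return False, "the switch does not support neq"
    if operator == "gt":            # page: port1 can only be 32767
        return (True, "ok") if port1 == 32767 else (False, "gt: port1 can only be 32767")
    if operator == "lt":            # page: port1 must be 2^n
        return (True, "ok") if is_power_of_two(port1) else (False, "lt: port1 must be 2^n")
    if operator == "range":         # page: port_range = port2 - port1 + 1
        if port2 is None or not port1 <= port2 <= 65535:
            return False, "range: need port1 <= port2 <= 65535"
        port_range = port2 - port1 + 1
        if not is_power_of_two(port_range):
            return False, "range: port_range %d is not a power of 2" % port_range
        if port1 % port_range != 0:
            return False, "range: port1 %d is not a multiple of %d" % (port1, port_range)
        return True, "ok"
    return False, "unknown operator %r" % operator

def rule_line(rule_id, action, protocol, dst_operator, port1, port2=None):
    """Build a 'rule ...' line (Table 165 syntax) or raise if the port clause is rejected."""
    ok, reason = check_port_operator(dst_operator, port1, port2)
    if not ok:
        raise ValueError(reason)
    ports = "%d %d" % (port1, port2) if dst_operator == "range" else str(port1)
    return ("rule %s %s %s source any destination any destination-port %s %s"
            % (rule_id, action, protocol, dst_operator, ports))

if __name__ == "__main__":
    # 1024-1031 is a range of 8 starting on a multiple of 8, so it is accepted
    print(rule_line(0, "deny", "tcp", "range", 1024, 1031))
    # these violate the listed restrictions and are reported, not emitted
    for op, p1, p2 in [("range", 1024, 1030), ("range", 1020, 1027),
                       ("lt", 1000, None), ("gt", 1024, None), ("neq", 23, None)]:
        print(op, p1, p2, "->", check_port_operator(op, p1, p2))
```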
Table 165 Define Advanced ACL

Operation: Enter advanced ACL view (from system view)
Command:   acl { number acl-number | name acl-name advanced } [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from advanced ACL view)
Command:   rule [ rule-id ] { permit | deny } protocol [ source source-addr source-wildcard | any ] [ destination dest-addr wildcard | any ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type type-code ] [ established ] [ [ precedence precedence | tos tos ]* | dscp dscp ] [ fragment ] [ time-range name ]

Operation: Delete a sub-item from the ACL (from advanced ACL view)
Command:   undo rule rule-id [ source ] [ destination ] [ source-port ] [ destination-port ] [ icmp-type ] [ precedence ] [ tos ] [ dscp ] [ fragment ] [ time-range ]

Operation: Delete one ACL or all ACLs (from system view)
Command:   undo acl { number acl-number | name acl-name | all }

Defining a Layer-2 ACL
The rules of a Layer-2 ACL are defined on the basis of Layer-2 information, such
as source MAC address, source VLAN ID, Layer-2 protocol type, Layer-2 packet
format, and destination MAC address.
Perform the following configuration in the designated view.

Table 166 Define Layer-2 ACL

Operation: Enter Layer-2 ACL view (from system view)
Command:   acl { number acl-number | name acl-name link } [ match-order { config | auto } ]