Support User Manuals

3Com 3.01.01 Switch User Manual

Open as PDF

of 356

212 CHAPTER 7: QOS/ACL OPERATION

Note that the port1 and port2 parameters in the command should be TCP/UDP

ports for advanced applications. For some common ports, you can use mnemonic

symbols to replace numbers. For example, you can use "bgp" to represent TCP

port 179, which is for BGP protocol.

Defining L2 ACLs

L2 ACLs define source and destination MAC addresses, source and destination

VLAN IDs, L2 protocol type in their rules and process packets according to these

attributes.

Perform the following configurations in the specified view.

Activating ACLs After you define an ACL, you must activate it. This configuration activates those

ACLs to filter or classify the packets forwarded by hardware.

Perform the following configurations in Ethernet interface or VLAN view.

Define an ACL rule (advanced ACL view) rule [ rule-id ] { permit | deny } protocol [ source {

source-addr wildcard | any } ] [ destination {

dest-addr wildcard | any } ] [ source-port operator

port1 [ port2 ] ] [ destination-port operator port1 [

port2 ] ] [ icmp-type type code ] [ established ] [ [

precedence precedence | tos tos ]* | dscp dscp ] [

fragment ] [ time-range name ] [ vpn-instance

instance-name ]

Delete an ACL rule (advanced ACL view) undo rule rule-id [ source | destination |

source-port | destination-port | icmp-type |

precedence | tos | dscp | fragment | time-range |

vpn-instance ]*

Delete an ACL or all ACLs (system view) undo acl { number acl-number | name acl-name |

all }

Table 8 Defining L2 ACLs

Operation Command

Enter L2 ACL view (system view) acl { number acl-number | name acl-name link } [

match-order { config | auto } ]

Define an ACL rule (L2 ACL view) rule [ rule-id ] { permit | deny } [ protocol | ingress

{ { source-vlan-id | source-mac-addr

source-mac-wildcard }* | any } | egress {

dest-mac-addr dest-mac-wildcard | any } |

time-range name ]*

Delete an ACL rule (L2 ACL view) undo rule rule-id

Delete an ACL or all ACLs (system view) undo acl { number acl-number | name acl-name |

all }

Table 7 Defining advanced ACL

Operation Command

Table 9 Activating ACL

Operation Command

Activate IP group ACL packet-filter inbound ip-group { acl-number |

acl-name } [ rule rule [ system-index index ] ]

Deactivate IP group ACL undo packet-filter inbound ip-group {

acl-number | acl-name } [ rule rule ]

previous next