3Com 3.01.01 Switch User Manual


 
212 CHAPTER 7: QOS/ACL OPERATION
Table 7 Defining advanced ACL

Operation                                 Command
Define an ACL rule (advanced ACL view)    rule [ rule-id ] { permit | deny } protocol [ source {
                                          source-addr wildcard | any } ] [ destination {
                                          dest-addr wildcard | any } ] [ source-port operator
                                          port1 [ port2 ] ] [ destination-port operator port1 [
                                          port2 ] ] [ icmp-type type code ] [ established ] [ [
                                          precedence precedence | tos tos ]* | dscp dscp ] [
                                          fragment ] [ time-range name ] [ vpn-instance
                                          instance-name ]
Delete an ACL rule (advanced ACL view)    undo rule rule-id [ source | destination |
                                          source-port | destination-port | icmp-type |
                                          precedence | tos | dscp | fragment | time-range |
                                          vpn-instance ]*
Delete an ACL or all ACLs (system view)   undo acl { number acl-number | name acl-name |
                                          all }

Note that the port1 and port2 parameters in the command should be TCP/UDP
ports for advanced applications. For some common ports, you can use mnemonic
symbols in place of numbers. For example, you can use "bgp" to represent TCP
port 179, which is used by the BGP protocol.

Defining L2 ACLs

L2 ACL rules specify source and destination MAC addresses, source and destination
VLAN IDs, and the L2 protocol type, and packets are processed according to these
attributes.

Perform the following configurations in the specified view.

Table 8 Defining L2 ACLs

Operation                                 Command
Enter L2 ACL view (system view)           acl { number acl-number | name acl-name link } [
                                          match-order { config | auto } ]
Define an ACL rule (L2 ACL view)          rule [ rule-id ] { permit | deny } [ protocol | ingress
                                          { { source-vlan-id | source-mac-addr
                                          source-mac-wildcard }* | any } | egress {
                                          dest-mac-addr dest-mac-wildcard | any } |
                                          time-range name ]*
Delete an ACL rule (L2 ACL view)          undo rule rule-id
Delete an ACL or all ACLs (system view)   undo acl { number acl-number | name acl-name |
                                          all }

Activating ACLs

After you define an ACL, you must activate it. Activation applies the ACL so that it
filters or classifies the packets forwarded by hardware.

Perform the following configurations in Ethernet interface or VLAN view.

Table 9 Activating ACL

Operation                                 Command
Activate IP group ACL                     packet-filter inbound ip-group { acl-number |
                                          acl-name } [ rule rule [ system-index index ] ]
Deactivate IP group ACL                   undo packet-filter inbound ip-group {
                                          acl-number | acl-name } [ rule rule ]
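
The define-then-activate sequence from Tables 7 and 9, shown as an added example that is not taken from the manual. The ACL number 3000, the command used to enter advanced ACL view, the "eq" operator keyword, the interface name and the 192.0.2.0/24 addresses are assumptions or constructed values; check them against the command reference for your switch model.

```text
# Added example, not from the manual. Assumed or constructed values:
# ACL number 3000 and the "acl number" entry command for advanced ACL view,
# the "eq" operator, interface Ethernet 1/0/1, and the 192.0.2.0/24 subnet.

# 1. Define the advanced ACL (system view -> advanced ACL view).
system-view
acl number 3000
 # Deny TCP from the constructed subnet to any destination on the BGP port.
 # "bgp" is the mnemonic for TCP port 179 described in the note above.
 rule 0 deny tcp source 192.0.2.0 0.0.0.255 destination any destination-port eq bgp
 quit

# 2. Activate it. A defined ACL does nothing until it is applied inbound
#    in Ethernet interface (or VLAN) view.
interface Ethernet 1/0/1
 # Apply only rule 0 of the ACL; omit "rule 0" to apply every rule in it.
 packet-filter inbound ip-group 3000 rule 0
 quit

# 3. Roll back in reverse order: deactivate on the port first,
#    then delete the rule, then delete the ACL itself.
interface Ethernet 1/0/1
 undo packet-filter inbound ip-group 3000 rule 0
 quit
acl number 3000
 undo rule 0
 quit
undo acl number 3000
```

Keeping activation per rule makes it easy to audit which rules are actually enforced in hardware on a given port, as opposed to merely defined in the configuration.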