3Com 5500 Switch User Manual


 
Precautions
If a packet matches multiple ACL rules at the same time and some actions of
the rules conflict, the last assigned rule takes effect. For an Ethernet frame
header ACL applied to a port, you cannot configure the format-type argument
as 802.3/802.2, 802.3, ether_ii or snap.
When applying multiple rules, it is recommended that you apply them in
ascending order of their mask ranges and apply rules with the same mask range
at the same time. This ensures that the rules actually operate in line with
the requirements.
Some functions and protocols configured on the device may occupy ACL rule
resources. The actual occupation varies with functions and protocols.

Configuring User-Defined ACLs
A user-defined ACL filters packets by comparing strings retrieved from the
packets with specified strings. On the basis of packet headers, it defines the
byte at which the “and” operation with the mask begins.
The numbers of user-defined ACLs range from 5000 to 5999.

Network Diagram
Figure 61 Network diagram for user-defined ACL configuration
[Figure 61 labels: PC 1 (192.168.0.2), Eth1/0/1; PC 2 (192.168.0.3), Eth1/0/2; Switch; Vlan-int 1 (192.168.0.1); To the router]

Networking and Configuration Requirements
PC 1 and PC 2 are connected to the switch through Ethernet 1/0/1 and Ethernet
1/0/2 respectively (assuming that the switch is a Switch 5500). The IP addresses of
PC 1 and PC 2 are 192.168.0.2 and 192.168.0.3.
PC 1 and PC 2 belong to VLAN 1 and access the Internet through the same
gateway, which has an IP address of 192.168.0.1 (the IP address of VLAN-interface
1).
Configure a user-defined ACL to deny all ARP packets from PC 1 that use the
gateway IP address as the source address from 8:00 to 18:00 every day.

Applicable Products
Product series   Software version    Hardware version
Switch 5500      Release V03.02.04   All versions
Switch 5500G     Release V03.02.04   All versions
Switch 4500      Release V03.03.00   All versions

Configuration Procedure
# Define a periodic time range that is from 8:00 to 18:00 every day.
<3Com> system-view
[3Com] time-range test 8:00 to 18:00 daily
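
The matching that a user-defined ACL performs for this requirement (bytes at an offset, "and"-ed with a mask, compared with a specified string, inside a daily time range) can be modeled in Python. This is an added example, not part of the manual and not switch configuration. The offsets assume an untagged Ethernet II frame, and the function names, MAC address and sample frames are constructed for illustration.

```python
import struct
from datetime import time

# Assumed offsets for an untagged Ethernet II frame; the switch's own offset
# numbering is not shown on this page and may differ.
ETHERTYPE_OFF = 12  # 2-byte EtherType
ARP_SPA_OFF = 28    # 4-byte ARP sender protocol (IP) address
GATEWAY_IP = bytes([192, 168, 0, 1])

def field_matches(frame, offset, pattern, mask):
    """AND the frame bytes at `offset` with `mask`, compare with the masked pattern."""
    chunk = frame[offset:offset + len(pattern)]
    if len(chunk) < len(pattern):  # truncated frame: the rule cannot match
        return False
    return all((b & m) == (p & m) for b, p, m in zip(chunk, pattern, mask))

def in_time_range(now, start=time(8, 0), end=time(18, 0)):
    """Daily 8:00 to 18:00 range; treating both ends as inclusive is an assumption."""
    return start <= now <= end

def acl_action(frame, now):
    """'deny' for ARP frames that claim the gateway IP as sender, else 'permit'."""
    rule = [
        (ETHERTYPE_OFF, b"\x08\x06", b"\xff\xff"),       # EtherType is ARP
        (ARP_SPA_OFF, GATEWAY_IP, b"\xff\xff\xff\xff"),  # sender IP is the gateway
    ]
    if in_time_range(now) and all(field_matches(frame, *f) for f in rule):
        return "deny"
    return "permit"

def build_arp(src_mac, sender_ip, target_ip, oper=2):
    """Constructed test frame: Ethernet II header followed by an ARP payload."""
    eth = b"\xff" * 6 + src_mac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + src_mac + sender_ip + b"\x00" * 6 + target_ip

PC1_MAC = bytes.fromhex("020000000002")  # constructed MAC address for PC 1
CLAIMS_GATEWAY = build_arp(PC1_MAC, GATEWAY_IP, bytes([192, 168, 0, 3]))
OWN_ADDRESS = build_arp(PC1_MAC, bytes([192, 168, 0, 2]), GATEWAY_IP)

if __name__ == "__main__":
    for name, frame in (("claims gateway", CLAIMS_GATEWAY), ("own address", OWN_ADDRESS)):
        for now in (time(12, 0), time(20, 0)):
            print(name, now, acl_action(frame, now))
```

Because both fields use an all-ones mask, every bit must match; clearing mask bits widens the rule, which is why the order in which rules with different mask ranges are applied matters.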