3Com 5500-SI Switch User Manual


 
354 CHAPTER 19: ACL CONFIGURATION
Table 363 Define Basic ACL

Operation                                            Command
Enter basic ACL view (from System View)              acl number acl_number [ match-order { config | auto } ]
Add a sub-item to the ACL (from Basic ACL View)      rule [ rule_id ] { permit | deny } [ source { source_addr wildcard | any } |
                                                     fragment | logging | time-range name ]*
Delete a sub-item from the ACL (from Basic ACL View) undo rule rule_id [ source | fragment | logging | time-range ]*
Delete one ACL or all ACLs (from System View)        undo acl { number acl_number | all }

Define Advanced ACL
The classification rules of an advanced ACL are defined on the basis of attributes such
as the source and destination IP address, the TCP or UDP port number in use, and the
packet priority, and the data packets are processed according to those rules. An
advanced ACL can analyze three types of packet priority: ToS (Type of Service), IP
precedence and DSCP.
You can use the following commands to define an advanced ACL.
Perform the following configuration in the corresponding view.

Table 364 Define Advanced ACL

Operation                                               Command
Enter advanced ACL view (from System View)              acl number acl_number [ match-order { config | auto } ]
Add a sub-item to the ACL (from Advanced ACL View)      rule [ rule_id ] { permit | deny } protocol
                                                        [ source { source_addr wildcard | any } ]
                                                        [ destination { dest_addr wildcard | any } ]
                                                        [ source-port operator port1 [ port2 ] ]
                                                        [ destination-port operator port1 [ port2 ] ]
                                                        [ icmp-type type code ] [ established ]
                                                        [ [ { precedence precedence tos tos | dscp dscp }* |
                                                        vpn-instance instance ] | fragment | logging |
                                                        time-range name ]*
Delete a sub-item from the ACL (from Advanced ACL View) undo rule rule_id [ source | destination | source-port |
                                                        destination-port | icmp-type | precedence | tos | dscp |
                                                        fragment | logging | time-range | vpn-instance ]*
Delete one ACL or all ACLs (from System View)           undo acl { number acl_number | all }

Note that port1 and port2 in the above command specify the TCP or UDP ports used by
various higher-layer applications. For some common port numbers, you can use a
mnemonic symbol as a shortcut. For example, “bgp” represents TCP port 179, which is
used by BGP.

Define Layer-2 ACL
The rules of a Layer-2 ACL are defined on the basis of Layer-2 information such as the
source MAC address, source VLAN ID, Layer-2 protocol type, Layer-2 packet format
and destination MAC address.
You can use the following command to define a numbered Layer-2 ACL.
Perform the following configuration in the corresponding view.
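The following is an added example, not code from the manual or from the switch: a small offline Python model of the basic and advanced ACL rule syntax shown in Tables 363 and 364. It parses "acl number", "rule" and "undo rule" lines, then evaluates constructed packets against the rules with wildcard-mask semantics (a 1 bit in the wildcard means "do not care"), trying rules in configured order with the first match deciding. Assumptions not taken from the page: the port operators eq/gt/range (the manual only names the placeholder "operator"), the rule numbering used when rule_id is omitted, the sample ACL numbers, addresses and ports (all constructed), and that match-order auto is not modelled; what the switch does with a packet matching no rule is left to the caller (None is returned).

```python
import ipaddress
from dataclasses import dataclass

PORT_MNEMONICS = {"bgp": 179}   # the manual's example mnemonic; no others are assumed
# Tokens that may follow the action in a rule; any other token there is the protocol field.
KEYWORDS = {"source", "destination", "source-port", "destination-port", "fragment", "logging",
            "time-range", "established", "icmp-type", "precedence", "tos", "dscp", "vpn-instance"}

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: a 1 bit means 'do not care'; a 0 bit must match exactly."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def port_match(spec, port):
    """spec is (operator, port1, port2); the operators eq/gt/range are an assumption."""
    op, p1, p2 = spec
    if port is None:              # e.g. an ICMP packet tested against a port rule
        return False
    return {"eq": port == p1, "gt": port > p1, "range": p2 is not None and p1 <= port <= p2}[op]

to_port = lambda tok: PORT_MNEMONICS.get(tok) or int(tok)

@dataclass
class Rule:
    rule_id: int
    action: str                    # permit | deny
    protocol: str = "ip"           # basic ACL rules carry no protocol field
    source: tuple = None           # (addr, wildcard); None means 'any'
    destination: tuple = None
    source_port: tuple = None      # (operator, port1, port2)
    destination_port: tuple = None
    logging: bool = False

def parse_rule(line, next_id):
    """Parse one 'rule ...' line; next_id is used when rule_id is omitted (a simplification)."""
    toks = line.split()
    i, rule_id = 1, next_id
    if toks[i].isdigit():
        rule_id, i = int(toks[i]), i + 1
    rule, i = Rule(rule_id, toks[i]), i + 1
    if i < len(toks) and toks[i] not in KEYWORDS:   # advanced ACL: protocol field present
        rule.protocol, i = toks[i], i + 1
    while i < len(toks):
        t = toks[i]
        if t in ("source", "destination"):
            spec = None if toks[i + 1] == "any" else (toks[i + 1], toks[i + 2])
            setattr(rule, t, spec)
            i += 2 if spec is None else 3
        elif t in ("source-port", "destination-port"):
            op, p1, p2, i = toks[i + 1], to_port(toks[i + 2]), None, i + 3
            if op == "range":
                p2, i = to_port(toks[i]), i + 1
            setattr(rule, t.replace("-", "_"), (op, p1, p2))
        elif t == "logging":
            rule.logging, i = True, i + 1
        else:
            raise ValueError(f"keyword not modelled in this example: {t}")
    return rule

def parse_config(text):
    """Return {acl_number: [Rule, ...]} in configured order; 'undo rule' removes a sub-item."""
    acls, current = {}, None
    for raw in text.strip().splitlines():
        toks = raw.split()
        if toks[:2] == ["acl", "number"]:
            current = acls.setdefault(int(toks[2]), [])
        elif toks[:2] == ["undo", "rule"]:
            current[:] = [r for r in current if r.rule_id != int(toks[2])]
        elif toks[:1] == ["rule"]:
            current.append(parse_rule(raw, len(current)))
    return acls

def matches(rule, pkt):
    return all([
        rule.protocol in ("ip", pkt["proto"]),
        rule.source is None or wildcard_match(pkt["src"], *rule.source),
        rule.destination is None or wildcard_match(pkt["dst"], *rule.destination),
        rule.source_port is None or port_match(rule.source_port, pkt.get("sport")),
        rule.destination_port is None or port_match(rule.destination_port, pkt.get("dport")),
    ])

def evaluate(rules, pkt):
    """First matching rule in configured order decides -> (action, rule_id, logging); None if none."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.rule_id, rule.logging
    return None

# Constructed sample configuration in the manual's syntax (ACL numbers and addresses are made up).
SAMPLE_CONFIG = """
acl number 2001 match-order config
rule 0 deny source 192.168.100.0 0.0.0.255
rule 1 permit source any
acl number 3001 match-order config
rule 0 permit tcp source 10.1.1.0 0.0.0.255 destination 10.1.2.1 0.0.0.0 destination-port eq bgp
rule 1 deny tcp destination 10.1.2.1 0.0.0.0 destination-port eq 23 logging
rule 2 deny udp destination 10.1.2.1 0.0.0.0 destination-port range 161 162
rule 3 permit ip
undo rule 2
"""
ACLS = parse_config(SAMPLE_CONFIG)
```

Evaluating a few constructed packets against ACLS[3001] makes the ordering effects visible before anything is applied on a switch: BGP from 10.1.1.0/24 to 10.1.2.1 hits rule 0, TCP port 23 to the same host hits the logged deny in rule 1, and because "undo rule 2" removed the UDP rule, SNMP traffic falls through to the catch-all "permit ip" in rule 3. The same catch-all also means BGP from outside 10.1.1.0/24 is still permitted by rule 3, which is the kind of gap a rule-by-rule check like this is meant to surface.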