Filter
Top Products
2094 CHAPTER 138: IPV4 ACL CONFIGURATION COMMANDS
rule (in advanced IPv4 ACL view)
Syntax rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard |
any } | destination-port operator port1 [ port2 ] | dscp dscp | established | fragment |
icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence
| reflective | source { sour-addr sour-wildcard | any } | source-port operator port1
[ port2 ] | time-range time-name | tos tos | vpn-instance vpn-instance-name ] *
undo rule rule-id [ destination | destination-port | dscp | established | fragment |
icmp-type | logging | precedence | reflective | source | source-port |
time-range | tos |
vpn-instance ] *
View Advanced IPv4 ACL view
Parameter rule-id: Advanced IPv4 ACL rule number in the range 0 to 65534.
deny: Defines a deny statement to drop matched packets.
permit: Defines a permit statement to allow matched packets to pass.
protocol: Protocol carried by IP. It can be a number in the range 0 to 255, or in
words, gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), udp (17).
Table 546 Parameters for advanced IPv4 ACL rules
Parameter Function Description
source { sour-addr
sour-wildcard | any }
Specifies a source
address.
The sour-addr sour-wildcard argument
specifies a source IP address in dotted decimal
notation. Setting the wildcard to a zero
indicates a host address. The any keyword
indicates any source IP address.
destination
{ dest-addr
dest-wildcard | any }
Specifies a
destination address.
The dest-addr dest-wildcard argument
specifies a destination IP address in dotted
decimal notation. Setting the dest-wildcard to
a zero indicates a host address. The any
keyword indicates any destination IP address.
precedence
precedence
Specifies an IP
precedence value.
The precedence argument can be a number in
the range 0 to 7, or in words, routine,
priority, immediate, flash, flash-override,
critical, internet, or network.
tos tos Specifies a ToS
preference.
The tos argument can be a number in the
range 0 to 15, or in words, max-reliability
(2), max-throughput (4), min-delay (8),
min-monetary-cost (1), or normal (0).
dscp dscp Specifies a DSCP
priority.
The dscp argument can be a number in the
range 0 to 63, or in words, af11, af12, af13,
af21, af22, af23, af31, af32, af33, af41,
af42, af43, cs1, cs2
, cs3, cs4, cs5, cs6, cs7,
default, or ef.
logging Specifies to log
matched packets.
The log provides information about ACL rule
number, whether packets are permitted or
dropped, upper layer protocol that IP carries,
source/destination address, source/destination
port number, and number of packets.