Support User Manuals

3Com MSR 50 Network Router User Manual

Open as PDF

of 2742

2097

When defining ACL rules, you need not assign them IDs. The system can

automatically assign rule IDs starting with 0 and increasing in certain rule

numbering steps. A rule ID thus assigned is greater than the current highest rule

ID. For example, if the rule numbering step is five and the current highest rule ID is

28, the next rule will be numbered 30. For detailed information about step, refer

to “step (for IPv4)” on page 2100 and “step (for IPv6)” on page 2116.

You may use the display acl command to verify rules configured in an ACL. If the

match order for this ACL is auto, rules are displayed in the depth-first order rather

than by rule number.

Example # Define a rule to permit the TCP packets to pass with the destination port 80 sent

from 129.9.0.0 to 202.38.160.0.

<Sysname> system-view

[Sysname] acl number 3101

[Sysname-acl-adv-3101] rule permit tcp source 129.9.0.0 0.0.255.255

destination 202.38.160.0 0.0.0.255 destination-port eq 80

rule (in Ethernet frame header ACL view)

Syntax rule [ rule-id ] { deny | permit } [ cos vlan-pri | dest-mac dest-addr dest-mask | lsap

lsap-code lsap-wildcard | source-mac sour-addr source-mask | time-range time-name |

type type-code type-wildcard ] *

undo rule rule-id

View Ethernet frame header ACL view

Parameter rule-id: Ethernet frame header ACL rule number in the range 0 to 65534.

deny: Defines a deny statement to drop matched packets.

permit: Defines a permit statement to allow matched packets to pass.

cos vlan-pri: Defines an 802.1p priority. The vlan-pri argument takes a value in the

range 0 to 7; or its equivalent in words, best-effort, background, spare,

excellent-effort, controlled-load, video, voice, or network-management.

dest-mac dest-addr dest-mask: Specifies a destination MAC address range. The

dest-addr and dest-mask arguments indicate a destination MAC address and mask

in xxxx-xxxx-xxxx format.

lsap lsap-code lsap-wildcard: Defines the DSAP and SSAP fields in the LLC

encapsulation. The lsap-code argument is a 16-bit hexadecimal number indicating

frame encapsulation. The lsap-wildcard argument is a 16-bit hexadecimal number

indicating the wildcard of the LSAP code.

source-mac sour-addr source-mask: Specifies a source MAC address range. The

sour-addr and sour-mask arguments indicate a source MAC address and mask in

xxxx-xxxx-xxxx format.

previous next