Filter
Top Products
2099
l2: Sets the offset from the beginning of the Layer 2 frame header.
time-range time-name: Specifies the time range in which the rule can take effect.
The time-name argument is a case-insensitive string of 1 to 32 characters. The
name must begin with an English letter and cannot be all to avoid confusion.
rule-string: Defines a match pattern in hexadecimal format. Its length must be a
multiple of two.
rule-mask: Defines a match pattern mask in hexadecimal format. Its length must
be the same as that of the match pattern.
offset: The offset in bytes at which the match operation begins.
&<1-8>: Indicates that up to eight match patterns can be defined in the rule.
Description Use the
rule command to create a user-defined IPv4 ACL rule.
Use the
undo rule command to remove a user-defined ACL rule.
You will fail to create or modify a user-defined ACL rule if its permit/deny
statement is exactly the same as another rule.
When defining user-defined ACL rules, you need not assign them IDs. The system
can automatically assign rule IDs starting with 0 and increasing in rule numbering
steps of five. A rule ID thus assigned is greater than the current highest rule ID. For
example, if the current highest rule ID is 28, the next rule will be numbered 30. For
detailed information about step, refer to “step (for IPv4)” on page 2100 and “step
(for IPv6)” on page 2116.
You may use the display acl command to verify rules configured in an ACL.
n
The support to this command varies by device.
Example # Create a user-defined ACL rule.
<Sysname> system-view
[Sysname] acl number 5005
[Sysname-acl-user-5005] rule 0 permit l2 0806 ffff 20
rule comment (for IPv4)
Syntax rule rule-id comment text
undo rule rule-id comment
View Basic IPv4 ACL view, advanced IPv4 ACL view, Ethernet frame header ACL view,
user-defined ACL view
Parameter rule-id: IPv4 ACL rule number in the range 0 to 65534.