R3166-R3206-HP High-End Firewalls Access Control Command Reference-6PW101
To view rules in an ACL and their rule IDs, use the display acl all command.
Related commands: acl, display acl, step, and time-range.
Examples
# Create rules in IPv4 basic ACL 2000 to permit packets from 10.0.0.0/8, 172.17.0.0/16, and
192.168.1.0/24, and to deny packets from all other source IP addresses.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 10.0.0.0 0.255.255.255
[Sysname-acl-basic-2000] rule permit source 172.17.0.0 0.0.255.255
[Sysname-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Sysname-acl-basic-2000] rule deny source any
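The rule set above, evaluated in Python as an added example (not part of the HP reference), to show how a wildcard mask selects the address bits that must match. It assumes rules are checked in the order entered and the first match wins; the function names and sample addresses are hypothetical.

```python
import ipaddress

# Rules copied from the ACL 2000 example above, in the order they were entered.
ACL_2000 = """\
rule permit source 10.0.0.0 0.255.255.255
rule permit source 172.17.0.0 0.0.255.255
rule permit source 192.168.1.0 0.0.0.255
rule deny source any
"""

def to_int(addr):
    """Dotted quad to integer; a bare '0' wildcard (host match) is accepted."""
    return int(addr) if addr.isdigit() else int(ipaddress.IPv4Address(addr))

def parse_rules(text):
    """Turn 'rule [id] permit|deny source ...' lines into (action, addr, wildcard)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "rule":
            continue
        if tok[1].isdigit():          # optional explicit rule ID
            tok.pop(1)
        action, src = tok[1], tok[3:]
        if src[0] == "any":
            rules.append((action, 0, 0xFFFFFFFF))   # every bit is "don't care"
        else:
            rules.append((action, to_int(src[0]), to_int(src[1])))
    return rules

def evaluate(rules, source_ip):
    """Return the action of the first rule whose cared-about bits match source_ip."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF   # wildcard 1-bits are ignored, 0-bits must match
        if (ip & care) == (addr & care):
            return action
    return "no-match"   # assumption: the outcome then depends on the feature using the ACL

if __name__ == "__main__":
    rules = parse_rules(ACL_2000)
    # Constructed sample source addresses.
    for ip in ("10.200.3.4", "172.17.255.1", "172.16.0.1", "192.168.2.1"):
        print(ip, evaluate(rules, ip))
```

Note that 172.16.0.1 and 192.168.2.1 fall through to the final deny rule: the permit rules cover only 172.17.0.0/16 and 192.168.1.0/24, not the whole private ranges around them.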
rule comment
Syntax
rule rule-id comment text
undo rule rule-id comment
View
IPv4 basic/advanced ACL view, Ethernet frame header ACL view
Default level
2: System level
Parameters
rule-id: Specifies the ID of an existing ACL rule. The ID ranges from 0 to 65534.
text: Specifies the comment for the ACL rule, a case-sensitive string of 1 to 127 characters.
Description
Use the rule comment command to add a comment about an existing ACL rule or edit its comment to
make the rule easy to understand.
Use the undo rule comment command to delete the ACL rule comment.
By default, an IPv4 ACL rule has no rule comment.
Related commands: display acl.
Examples
# Create a rule in IPv4 basic ACL 2000 and add a comment about the rule.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule 0 deny source 1.1.1.1 0
[Sysname-acl-basic-2000] rule 0 comment This rule is used on GigabitEthernet 0/1.
step
Syntax
step step-value
undo step