R2511-HP MSR Router Series ACL and QoS Command Reference(V5)

Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL
rule, the system automatically assigns it a rule ID. The assigned ID is the nearest multiple of the
numbering step that is higher than the current highest rule ID, starting from 0. For example, if the rule
numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
l2: Specifies that the offset is relative to the beginning of the Layer 2 frame header.
start: Specifies that the offset is relative to the beginning of the outermost header. The start byte varies
with device models.
rule-string: Defines a match pattern in hexadecimal format. Its length must be a multiple of two.
rule-mask: Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the
match pattern. The mask is ANDed with the selected bytes of a packet.
offset: Offset in bytes after which the match operation begins.
&<1-8>: Specifies that up to eight match patterns can be defined in the ACL rule.
counting: Counts the number of times the ACL rule has been matched. This option is disabled by default.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument takes a
case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not
configured, the system still creates the rule. However, a rule that uses the time range can take effect only
after you configure the time range.
Usage guidelines
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, your creation or editing
attempt fails.
To view rules in an ACL and their rule IDs, use the display acl all command.
Examples
# Create a rule for user-defined ACL 5005 to permit packets in which the 13th and 14th bytes starting
from the Layer 2 header are 0x0806 (that is, ARP packets).
<Sysname> system-view
[Sysname] acl number 5005
[Sysname-acl-user-5005] rule permit l2 0806 ffff 12
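The following Python sketch is an added illustration, not part of the original reference or of the device software. It models how the rule-string, rule-mask, and offset of the rule above select and compare bytes of a frame. The function names and sample frames are constructed for this example, and it assumes that the packet bytes and the pattern are both ANDed with the mask before comparison and that every pattern in a rule must match.

```python
# Added illustration; models the rule semantics described above, not device code.

def parse_rule(rule_string: str, rule_mask: str, offset: int):
    """Validate one (rule-string, rule-mask, offset) triple and return bytes."""
    if len(rule_string) % 2:
        raise ValueError("rule-string length must be a multiple of two")
    if len(rule_mask) != len(rule_string):
        raise ValueError("rule-mask must be the same length as rule-string")
    if offset < 0:
        raise ValueError("offset must be non-negative")
    return bytes.fromhex(rule_string), bytes.fromhex(rule_mask), offset


def rule_matches(frame: bytes, triples) -> bool:
    """True if every triple matches the frame (l2: offset from the Layer 2 header).

    Assumption: both the packet bytes and the pattern are ANDed with the mask
    before comparison, and all triples in one rule must match.
    """
    if not 1 <= len(triples) <= 8:          # &<1-8>: up to eight patterns
        raise ValueError("a rule takes 1 to 8 match patterns")
    for rule_string, rule_mask, offset in triples:
        pattern, mask, off = parse_rule(rule_string, rule_mask, offset)
        window = frame[off:off + len(pattern)]
        if len(window) < len(pattern):      # frame too short to hold the field
            return False
        if any((w & m) != (p & m) for w, p, m in zip(window, pattern, mask)):
            return False
    return True


# Constructed sample frames: dst MAC, src MAC, EtherType, truncated payload.
ARP_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0806" "0001080006040001")
IPV4_FRAME = bytes.fromhex("00aabbccddee" "001122334455" "0800" "4500003c")

ACL_5005_RULE = [("0806", "ffff", 12)]      # rule permit l2 0806 ffff 12

if __name__ == "__main__":
    for name, frame in (("ARP", ARP_FRAME), ("IPv4", IPV4_FRAME)):
        print(name, "permit" if rule_matches(frame, ACL_5005_RULE) else "no match")
```

With a partial mask such as ff00, only the first byte of the EtherType is compared, so the same offset would match both sample frames. Checking a mask this way before deployment shows how much traffic a rule actually covers.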
Related commands
acl
display acl
step
time-range
rule (WLAN ACL view)
Use rule to create or edit a WLAN ACL rule.
Use undo rule to delete an entire WLAN ACL rule.