Manualshelf

R0106-HP MSR Router Series ACL and QoS Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
31323334353637383940
26
undo rule rule-id [ counting | fragment | logging | source | time-range | vpn-instance ] *
Default
An IPv4 basic ACL does not contain any rule.
Views
IPv4 basic ACL view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an
ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the
numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is
5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
counting: Counts the number of times the IPv4 basic ACL rule has been matched. If the counting keyword
is not specified, matches for the rule are not counted.
fragment: Applies the rule only to non-first fragments. If you do not specify this keyword, the rule applies
to both fragments and non-fragments.
logging: Logs matching packets. This function is available only when the application module (for
example, packet filtering) that uses the ACL supports the logging function.
source { source-address source-wildcard | any }: Matches a source address. The source-address and
source-wildcard arguments specify a source IP address and a wildcard mask in dotted decimal notation.
A wildcard mask of zeros represents a host address. The any keyword represents any source IP address.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a
case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not
configured, the system creates the rule. However, the rule using the time range can take effect only after
you configure the timer range. For more information about time range, see ACL and QoS Configuration
Guide.
vpn-instance vpn-instance-name: Applies the rule to a VPN instance. The vpn-instance-name argument is
a case-sensitive string of 1 to 31 characters. If you do not specify any VPN instance, the rule applies only
to non-VPN packets.
Usage guidelines
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, your creation or editing
attempt fails.
The object group you specify when creating or editing a rule must exist. Otherwise, your creation or
editing attempt fails.
You can edit ACL rules only when the match order is config.
If you do not specify any optional keywords, the undo rule command deletes the entire rule.
If you specify optional keywords or arguments, the undo rule command deletes the specified
attributes.
To view rules in an ACL and their rule IDs, use the display acl all command.