3Com Switch 7750 Configuration Guide Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

591

592

593

594

595

596

597

598

599

600

Defining Advanced ACLs 599

Configuration

Preparation

Before configuring an ACL rule containing time range arguments, you need to

configure define the corresponding time ranges. For the configuration of time

ranges, refer to

“Configuring Time Ranges”.

The values of source and destination IP addresses, the type of the protocols carried

by IP, and protocol-specific features in the rule have been defined.

Configuration Procedure

rule-string: rule information, which can be combination of the parameters

described in

Table 468. You must configure the protocol argument in the rule

information before you can configure other arguments.

Table 467 Define an advanced ACL rule

Operation Command Description

Enter system view system-view -

Create or enter advanced ACL

view

acl { number acl-number |

name acl-name [ advanced |

basic | link | user ] } [

match-order { config | auto

} ]

Required

By the default, the match

order is config.

Define an rule

rule [ rule-id ] { permit | deny

} rule-string

Required

Define the comment string of

the ACL rule

rule rule-id comment text Optional

Display ACL information

display acl config { all |

acl-number | acl-name }

Optional

This command can be

executed in any view.

Table 468 Rule information

Parameter Type Function Description

protocol Protocol type

Type of protocol over

When expressed in

numerals, the value

range is 1 to 255.

When expressed with

a name, the value can

be GRE, ICMP, IGMP,

IP, IPinIP, OSPF, TCP,

and UDP.

source { sour-addr

sour-wildcard | any }

Source address

information

Specifies the source

address information in

the rule

sour-addr

sour-wildcard is used

to specify the source

address of the packet,

expressed in dotted

decimal notation.

any represents all

source addresses.

destination {

dest-addr

dest-wildcard | any }

Destination address

information

Specifies the

destination address

information in the

rule

dest-addr

dest-wildcard is used

to specify the

destination address of

the packet, expressed

in dotted decimal

notation.

any represents all

destination address.