3Com Switch 7750 Configuration Guide

606 CHAPTER 57: ACL CONFIGURATION
Defining User-Defined ACLs
A user-defined ACL takes a byte, specified by its offset from the packet header, as the starting point, performs a logical AND of the packet content from that point with the user-defined mask, and compares the result with the user-defined string. Packets whose masked content equals the string match the rule and are processed accordingly.
User-defined ACL numbers range from 5,000 to 5,999.
Configuration Preparation
To configure a time range-based ACL rule, you need first to define the corresponding time range, as described in “Configuring Time Ranges”.
Configuration Procedure
When you specify the rule ID by using the rule command, note that:
- You can specify an existing rule ID to modify the corresponding rule. ACEs that are not modified remain unchanged.
- You can create a rule by specifying an ID that identifies no rule.
- You will fail to create a rule if the newly created rule is the same as an existing one.
- If you do not specify the rule ID when creating an ACL rule, the rule ID of the newly created rule is assigned by the system.

Note: Only I/O modules other than Type A support user-defined ACLs.
Configuration Example
# Configure ACL 5001 to deny all TCP packets.
<SW7750> system-view
[SW7750] time-range t1 18:00 to 23:00 sat
[SW7750] acl number 5001
[SW7750-acl-user-5001] rule 25 deny 06 ff 27 time-range t1
[SW7750-acl-user-5001] display acl config 5001
User ACL 5001, 1 rules
rule 25 deny 06 ff 27 time-range t1 (0 times matched) (Inactive)
Table 478 Define a user-defined ACL rule

Operation: Enter system view
Command: system-view
Description: -

Operation: Create or enter user-defined ACL view
Command: acl { number acl-number | name acl-name [ advanced | basic | link | user ] } [ match-order { config | auto } ]
Description: Required. By default, the match order is config.

Operation: Define an ACL rule
Command: rule [ rule-id ] { permit | deny } { rule-string rule-mask offset } &<1-8> [ time-range time-name ]
Description: Required.

Operation: Display ACL information
Command: display acl { all | acl-number }
Description: Optional. This command can be executed in any view.
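The following is an added example, written for this edited page and not taken from the 3Com guide or the switch software, that models how a user-defined ACL rule string, mask and offset are applied to a frame (the matching described in "Defining User-Defined ACLs" and the rule-string rule-mask offset groups of the rule command above). It assumes that the offset is a decimal byte count from the start of the frame as the switch sees it, including an 802.1Q tag, so that offset 27 lands on the IPv4 Protocol field of the constructed tagged frame and "06 ff 27" selects TCP; that the up-to-eight groups of a rule are ANDed together; that rules are evaluated first-match in config order; and that a rule whose time range is inactive is skipped. The sample frames are constructed, not captured traffic, and the default action for unmatched packets is a parameter because the page does not state it.

```python
from dataclasses import dataclass
from typing import List, Tuple

# One (rule-string, rule-mask, offset) group; a rule carries 1 to 8 of them (&<1-8>).
Triple = Tuple[bytes, bytes, int]


@dataclass
class UserRule:
    rule_id: int
    action: str                     # "permit" or "deny"
    triples: List[Triple]
    time_range_active: bool = True  # False models the "(Inactive)" shown by display acl

    def matches(self, frame: bytes) -> bool:
        """Every group must match: frame[offset:] AND mask == rule-string."""
        for rule_string, rule_mask, offset in self.triples:
            if len(rule_string) != len(rule_mask):
                raise ValueError("rule-string and rule-mask must have equal length")
            window = frame[offset:offset + len(rule_string)]
            if len(window) != len(rule_string):   # offset runs past the frame
                return False
            extracted = bytes(b & m for b, m in zip(window, rule_mask))
            if extracted != rule_string:
                return False
        return True


def parse_triples(tokens: List[str]) -> List[Triple]:
    """Parse the 'rule-string rule-mask offset' groups of a rule line, e.g. ['06', 'ff', '27'].
    Assumption: rule-string and rule-mask are hex, offset is decimal."""
    if len(tokens) % 3 or not 1 <= len(tokens) // 3 <= 8:
        raise ValueError("expected 1 to 8 groups of rule-string rule-mask offset")
    triples: List[Triple] = []
    for i in range(0, len(tokens), 3):
        triples.append((bytes.fromhex(tokens[i]), bytes.fromhex(tokens[i + 1]), int(tokens[i + 2])))
    return triples


def evaluate(rules: List[UserRule], frame: bytes, default: str = "permit") -> Tuple[str, int]:
    """Config match order: the first active rule whose groups all match decides.
    Returns (action, rule_id); rule_id -1 means no rule matched and the default applied."""
    for rule in rules:
        if rule.time_range_active and rule.matches(frame):
            return rule.action, rule.rule_id
    return default, -1


def build_frame(protocol: int, dst_port: int = 80, tagged: bool = True) -> bytes:
    """Constructed Ethernet/IPv4 frame with a 20-byte layer-4 header (not captured traffic).
    Tagged layout: Ethernet 0-11, 802.1Q 12-15, EtherType 16-17, IPv4 18-37, L4 38-57,
    so the IPv4 Protocol field is byte 27 and the destination port is bytes 40-41."""
    eth_dst = bytes.fromhex("001122334455")
    eth_src = bytes.fromhex("66778899aabb")
    tag = bytes.fromhex("81000064") if tagged else b""   # 802.1Q, VLAN 100
    ethertype = bytes.fromhex("0800")
    ip = bytearray(20)
    ip[0] = 0x45                                  # version 4, IHL 5
    ip[2:4] = (40).to_bytes(2, "big")             # total length
    ip[8] = 64                                    # TTL
    ip[9] = protocol                              # 6 = TCP, 17 = UDP
    ip[12:16] = bytes([10, 0, 0, 1])
    ip[16:20] = bytes([10, 0, 0, 2])
    l4 = bytearray(20)
    l4[0:2] = (1234).to_bytes(2, "big")           # source port
    l4[2:4] = dst_port.to_bytes(2, "big")         # destination port
    l4[12] = 0x50                                 # data offset 5 (TCP-style header)
    return eth_dst + eth_src + tag + ethertype + bytes(ip) + bytes(l4)


if __name__ == "__main__":
    # The page's example rule: rule 25 deny 06 ff 27
    deny_tcp = UserRule(25, "deny", parse_triples(["06", "ff", "27"]))
    print(evaluate([deny_tcp], build_frame(6)))    # ('deny', 25)
    print(evaluate([deny_tcp], build_frame(17)))   # ('permit', -1)
    # Two groups ANDed: TCP and destination port 23
    deny_telnet = UserRule(30, "deny", parse_triples(["06", "ff", "27", "0017", "ffff", "40"]))
    print(evaluate([deny_telnet], build_frame(6, dst_port=23)))   # ('deny', 30)
```

Two behaviours of the model are worth noting when reading rules like the one in the configuration example: a rule whose offset assumes a tagged frame does not match the same packet when it arrives untagged (the Protocol field then sits at byte 23), and a rule attached to a time range that is currently inactive, as "(Inactive)" in the display acl output indicates, matches nothing until the time range becomes active.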