3Com Switch 7750 Configuration Guide

650 CHAPTER 60: ACL CONFIGURATION
When you specify the rule ID by using the rule command, note that:
- You can specify an existing rule ID to modify the corresponding rule. ACEs that are not modified remain unchanged.
- You can create a rule by specifying an ID that identifies no rule.
- You will fail to create a rule if the newly created rule is the same as an existing one.
- If you do not specify the rule ID when creating an ACL rule, the rule ID of the newly created rule is assigned by the system.
Note: Only I/O Modules other than Type A support the user-defined ACL.
Configuration Example
# Configure ACL 5001 to deny all TCP packets during time range t1 (18:00 to 23:00 on Saturdays).
<SW7750> system-view
[SW7750] time-range t1 18:00 to 23:00 sat
[SW7750] acl number 5001
[SW7750-acl-user-5001] rule 25 deny 06 ff 27 time-range t1
[SW7750-acl-user-5001] display acl config 5001
User ACL 5001, 1 rule
rule 25 deny 06 ff 27 time-range t1 (0 times matched) (Inactive)
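
An added illustration (not from the 3Com guide) of how the rule-string/rule-mask/offset triple in rule 25 selects TCP. It assumes the offset is counted in bytes from the start of a frame carrying one 4-byte 802.1Q tag, which puts the IPv4 protocol field at 14 + 4 + 9 = 27, and that a rule matches when the masked frame bytes equal the masked rule-string. The helper names are hypothetical, the frames are constructed samples, and the time range is not modelled.

```python
import struct

def parse_rule(text):
    """Parse 'deny 06 ff 27' into (action, [(rule_string, rule_mask, offset), ...])."""
    action, *fields = text.split()
    if action not in ("permit", "deny") or not fields or len(fields) % 3:
        raise ValueError("expected: permit|deny { rule-string rule-mask offset } ...")
    triples = []
    for i in range(0, len(fields), 3):
        value, mask = bytes.fromhex(fields[i]), bytes.fromhex(fields[i + 1])
        if len(value) != len(mask):
            raise ValueError("rule-string and rule-mask must have the same length")
        triples.append((value, mask, int(fields[i + 2])))
    if len(triples) > 8:  # the syntax allows 1 to 8 triples (&<1-8>)
        raise ValueError("at most 8 rule-string/rule-mask/offset triples")
    return action, triples

def rule_matches(triples, frame):
    """True when every triple matches: (frame byte & mask) == (rule byte & mask)."""
    for value, mask, offset in triples:
        window = frame[offset:offset + len(value)]
        if len(window) < len(value):  # frame too short to contain the field
            return False
        if any((w & m) != (v & m) for w, v, m in zip(window, value, mask)):
            return False
    return True

def ipv4_frame(protocol, tagged=True):
    """Constructed sample frame: zeroed MACs, optional 802.1Q tag, bare IPv4 header."""
    tag = struct.pack("!HH", 0x8100, 10) if tagged else b""
    ip = bytearray(20)
    ip[0], ip[9] = 0x45, protocol  # version/IHL byte, protocol field
    return bytes(12) + tag + struct.pack("!H", 0x0800) + bytes(ip)

ACTION, TRIPLES = parse_rule("deny 06 ff 27")  # rule 25 from the example above

if __name__ == "__main__":
    for label, frame in [("tagged TCP", ipv4_frame(6)),
                         ("tagged UDP", ipv4_frame(17)),
                         ("untagged TCP", ipv4_frame(6, tagged=False))]:
        verdict = ACTION if rule_matches(TRIPLES, frame) else "no match"
        print(f"{label}: {verdict}")
```

Under the stated assumption, the untagged TCP frame does not match: without the tag, byte 27 falls inside the source IP address, so a wrong offset makes the deny rule silently miss traffic.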
Applying ACLs on Ports
By applying ACLs on ports, you can filter certain packets.
Configuration Preparation
You need to define an ACL before applying it on a port. For operations to define
ACLs, refer to “Defining Basic ACLs” on page 641, “Defining Advanced ACLs” on
page 642, “Defining Layer 2 ACLs” on page 647, and “Defining User-Defined
ACLs” on page 649.
Configuration Procedure
Table 522 Define a user-defined ACL rule

Operation: Create or enter user-defined ACL view
Command: acl { number acl-number | name acl-name [ advanced | basic | link | user ] } [ match-order { config | auto } ]
Description: Required. By default, the match order is config.

Operation: Define an ACL rule
Command: rule [ rule-id ] { permit | deny } { rule-string rule-mask offset } &<1-8> [ time-range time-name ]
Description: Required

Operation: Display ACL information
Command: display acl { all | acl-number }
Description: Optional. This command can be executed in any view.

Table 523 Apply an ACL on a port

Operation: Enter system view
Command: system-view
Description: -