3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

CHAPTER 18: ACCESS CONTROL LIST CONFIGURATION COMMANDS
destination-port: Optional. Only the destination port setting of the specified
ACL rule will be deleted. Valid only when the protocol is TCP or UDP.
icmp-type: Optional. Only the ICMP type and message code setting of the
specified ACL rule will be deleted. Valid only when the protocol is ICMP.
precedence: Optional. Only the precedence setting of the ACL rule will be
deleted.
tos tos: Optional. Only the tos setting of the ACL rule will be deleted.
time-range time-name: Optional, specifies that the ACL is valid in this time range.
logging: Optional. Only the logging setting of the ACL rule will be deleted.
fragment: Optional. Only the setting that makes the ACL rule valid for
non-first fragments will be deleted.
type-code: Type of the data frame, a 16-bit hexadecimal number corresponding to
the type-code field in Ethernet_II and Ethernet_SNAP frames.
type-mask: A 16-bit hexadecimal number used for specifying the mask bits.
lsap-code: Encapsulation format of data frames, a 16-bit hexadecimal number.
lsap-mask: LSAP mask, a 16-bit hexadecimal number used to specify mask bits.
sour-addr: Source MAC address in the format of xxxx-xxxx-xxxx, used to match the
source address of a packet.
sour-mask: Source MAC address mask.
dest-addr: Destination MAC address in the format of xxxx-xxxx-xxxx, used to
match the destination address of a packet.
dest-mask: Destination MAC address mask.
Description
Use the rule command to add a rule in the current ACL view.
Use the undo rule command to delete a rule.
The rule ID is required to delete a rule. If you do not know the ID, use the
display acl command to find it.
Example
# Create ACL 3001 and add a rule to deny RIP packets.
[SecBlade_FW] acl number 3001
[SecBlade_FW-acl-adv-3001] rule deny udp destination-port eq rip
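
The type-code/type-mask, sour-addr/sour-mask and dest-addr/dest-mask parameters above all pair a value with a mask. The following Python sketch is an added example, not taken from this guide or from the switch software, showing how such a masked comparison is evaluated against a frame. It assumes that a mask bit of 1 means "compare this bit" and 0 means "ignore it" (this page does not state the mask semantics); the dictionary keys, the rule and the frames are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}")

def parse_mac(text):
    """Parse xxxx-xxxx-xxxx (address or mask) into a 48-bit integer."""
    text = text.strip().lower()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"expected xxxx-xxxx-xxxx, got {text!r}")
    return int(text.replace("-", ""), 16)

def parse_hex16(text):
    """Parse a 16-bit hexadecimal code or mask such as 0806 or ffff."""
    text = text.strip()
    if not re.fullmatch(r"[0-9a-fA-F]{1,4}", text):
        raise ValueError(f"expected 16-bit hex, got {text!r}")
    return int(text, 16)

def masked_equal(value, pattern, mask):
    # Assumed semantics: mask bit 1 = compare, mask bit 0 = ignore.
    # Pattern bits outside the mask are ignored instead of causing a miss.
    return (value & mask) == (pattern & mask)

def rule_matches(rule, frame):
    """Return True when every field configured in the rule matches the frame."""
    checks = (("type_code", "type_mask", "type", parse_hex16),
              ("sour_addr", "sour_mask", "src", parse_mac),
              ("dest_addr", "dest_mask", "dst", parse_mac))
    for value_key, mask_key, frame_key, parse in checks:
        if value_key not in rule:
            continue  # field not configured in the rule: matches anything
        if not masked_equal(parse(frame[frame_key]), parse(rule[value_key]),
                            parse(rule[mask_key])):
            return False
    return True

# Constructed sample rule: type 0806 frames from one 24-bit address prefix.
RULE = {"type_code": "0806", "type_mask": "ffff",
        "sour_addr": "0012-34ab-cdef", "sour_mask": "ffff-ff00-0000"}

# Constructed sample frames (not captured traffic).
FRAMES = [
    {"src": "0012-3401-0203", "dst": "ffff-ffff-ffff", "type": "0806"},
    {"src": "0012-3501-0203", "dst": "ffff-ffff-ffff", "type": "0806"},
    {"src": "0012-3401-0203", "dst": "0011-2233-4455", "type": "0800"},
]

if __name__ == "__main__":
    for frame in FRAMES:
        print(frame["src"], frame["type"], rule_matches(RULE, frame))
```

Only the first frame matches: the second differs inside the masked source prefix, and the third has a different type code.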