3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

66 CHAPTER 5: ACL CONFIGURATION
and arrange others according to configuration sequence. For advanced access
control rules, compare their source address wildcards first. If those are the same,
compare their destination address wildcards. If those are also the same, compare
their port number ranges and put the rules with smaller ranges first. If the port
number ranges are still the same, arrange the rules according to configuration
sequence.
The display acl command can be used to verify which rule takes effect first: in
its output, the rule that is listed first takes effect first.
ACL Creation
An ACL is essentially a series of rule lists made up of permit and deny
statements; several such rule lists constitute an ACL. Before configuring the rules
of an ACL, you need to create the ACL first.
The following command can be used to create an ACL:
acl number acl-number [ match-order { config | auto } ]
The following command can be used to delete an ACL:
undo acl { number acl-number | all }
Parameter description:
number acl-number: Specify an ACL.
acl-number: Number of the ACL. An interface-based ACL takes a value in the
range 1000 to 1999, a basic ACL in the range 2000 to 2999, an advanced ACL in
the range 3000 to 3999, and a MAC-based ACL in the range 4000 to 4999.
match-order config: Match rules in the sequence in which the user configured
them.
match-order auto: Match rules in the sequence the system determines
automatically, namely the "depth priority" sequence.
all: Delete all configured ACLs.
By default, rules are matched in the user's configuration sequence, that is,
"config" is in use. Once the match order of an ACL has been specified, it cannot
be changed unless all the contents of the ACL are deleted and its match order is
specified again.
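As an added worked example (not from the 3Com guide), the following Python models the two match orders for advanced ACL rules described above, so that the rule taking effect first for a given packet can be compared between config and auto ordering. It assumes that "depth priority" places the smaller wildcard (the more specific address) first, measured here as the number of don't-care bits in the wildcard mask, and it uses constructed sample rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class AdvRule:
    seq: int                 # configuration sequence (order the rule was entered)
    action: str              # "permit" or "deny"
    src: str                 # "address wildcard", e.g. "10.1.1.0 0.0.0.255"
    dst: str                 # same form as src
    ports: Tuple[int, int]   # inclusive destination port range

def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

def wildcard_size(spec: str) -> int:
    # Assumption: a wildcard's "size" is its count of 1-bits (don't-care bits);
    # fewer bits means a more specific address, which depth priority lists first.
    return bin(_ip(spec.split()[1])).count("1")

def depth_priority_key(r: AdvRule):
    # Source wildcard, then destination wildcard, then port-range width,
    # then configuration sequence as the final tie-breaker.
    return (wildcard_size(r.src), wildcard_size(r.dst), r.ports[1] - r.ports[0], r.seq)

def order_rules(rules: List[AdvRule], match_order: str) -> List[AdvRule]:
    if match_order == "config":
        return sorted(rules, key=lambda r: r.seq)
    if match_order == "auto":
        return sorted(rules, key=depth_priority_key)
    raise ValueError("match-order must be config or auto")

def addr_matches(spec: str, ip: str) -> bool:
    addr, wc = (_ip(x) for x in spec.split())
    care = ~wc & 0xFFFFFFFF          # bits that must be equal (wildcard 0 bits)
    return (addr & care) == (_ip(ip) & care)

def first_match(rules, match_order, src_ip, dst_ip, dport) -> Optional[AdvRule]:
    # The first rule in the effective order that matches the packet takes effect.
    for r in order_rules(rules, match_order):
        if addr_matches(r.src, src_ip) and addr_matches(r.dst, dst_ip) \
                and r.ports[0] <= dport <= r.ports[1]:
            return r
    return None

# Constructed sample rules, listed in the order they were configured.
RULES = [
    AdvRule(1, "permit", "10.1.1.0 0.0.0.255", "0.0.0.0 255.255.255.255", (1, 65535)),
    AdvRule(2, "deny",   "10.1.1.7 0.0.0.0",   "192.168.1.0 0.0.0.255",  (22, 22)),
    AdvRule(3, "deny",   "10.1.1.7 0.0.0.0",   "192.168.1.0 0.0.0.255",  (1, 1024)),
]

if __name__ == "__main__":
    for mode in ("config", "auto"):
        print(mode, [r.seq for r in order_rules(RULES, mode)],
              first_match(RULES, mode, "10.1.1.7", "192.168.1.5", 22).action)
```

With these rules, the same SSH packet from 10.1.1.7 is permitted under config order (the broad rule 1 is listed first) but denied under auto order (the host-specific rule 2 is listed first), which is why the guide recommends checking display acl output.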
ACL view can be entered after an ACL is created. ACL views are classified according
to the application purpose of the ACL. For example, advanced ACL view can be
entered by creating ACL 3000. The security gateway prompt is then:
[secblade_FW-acl-adv-3000]
After entering the ACL view, you can configure ACL rules. The rule formats differ
between ACL types. The detailed configuration method for each type of ACL rule is
introduced in the following sections.
Basic ACL
A basic ACL can only use source address information as the element for
defining an ACL rule. A basic ACL can be created and basic ACL view entered by