3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

Introduction to ACL 67
the above-mentioned ACL command. In basic ACL view, a basic ACL rule can be
created.
The following command can be used to define a basic ACL rule:
rule [ rule-id ] { permit | deny } [ source { source-addr source-wildcard | any } ]
[ time-range time-name ] [ logging ] [ fragment ]
Parameter description:
rule-id: Optional, the number of the ACL rule, ranging from 0 to 65,534. If a rule
with the specified number already exists, the new rule overwrites the old one,
which amounts to editing the existing rule. If you want to edit an existing ACL
rule, you are recommended to delete the existing rule and then create a new one;
otherwise the edited rule may not be the expected ACL rule. If no rule with the
specified number exists, a new rule is created with that number. When no number
is specified, a new rule is added and the system assigns its number automatically.
permit: Permits matching packets.
deny: Discards matching packets.
source: Optional parameter, used to specify the source address information of the
ACL rule. If it is not specified, the rule matches packets from any source address.
source-addr: Source address of the data packet, in dotted decimal.
source-wildcard: Wildcard of the source address, in dotted decimal.
any: Represents all source addresses. It is equivalent to setting the source
address to 0.0.0.0 and the wildcard to 255.255.255.255.
time-range: Optional parameter, used to specify the time range during which the
ACL is effective.
time-name: Name of the time range during which the ACL is effective.
logging: Optional parameter, indicating whether to log matching packets. The log
content includes the sequence number of the access control rule, whether the
packet was permitted or discarded, and the number of packets.
fragment: Optional parameter, used to specify that the rule applies only to
non-first fragments. When this parameter is included, the rule is valid only for
non-first fragments.
For an existing ACL rule, if an edit is performed with the ACL rule number
specified, the parts of the rule not mentioned in the edit are not affected. For
example:
First configure an ACL rule:
rule 1 deny source 1.1.1.1 0
Then edit the ACL rule:
rule 1 deny logging
Then, the ACL rule becomes:
rule 1 deny source 1.1.1.1 0 logging
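The syntax and the edit-in-place behaviour above, as an added example that is not 3Com code: a small Python model of the rule table that parses rule commands, merges an edit into an existing rule-id the way the manual describes (so options such as logging survive a later edit of the same number), and checks a packet's source against the address/wildcard pair. The automatic numbering and the bare wildcard 0 are assumptions.

```python
import ipaddress
# Constructed model of the basic ACL "rule" command (an added example, not 3Com code).
FLAGS = ("logging", "fragment")
ANY = ("0.0.0.0", "255.255.255.255")   # what "source any" stands for

def to_int(dotted):
    # Assumption: a bare integer wildcard such as "0" means 0.0.0.0, as in the manual's example
    return int(dotted) if dotted.isdigit() else int(ipaddress.IPv4Address(dotted))

def parse_rule(text):
    """Parse one 'rule' command line into its fields."""
    tok = text.split()
    if tok[0] != "rule":
        raise ValueError("not a rule command")
    fields, i = {}, 1
    if tok[i].isdigit():                 # optional rule-id
        fields["rule_id"] = int(tok[i]); i += 1
    if tok[i] not in ("permit", "deny"):
        raise ValueError("expected permit or deny")
    fields["action"] = tok[i]; i += 1
    while i < len(tok):
        if tok[i] == "source":           # 'any' or 'source-addr source-wildcard'
            fields["source"] = ANY if tok[i + 1] == "any" else (tok[i + 1], tok[i + 2])
            i += 2 if tok[i + 1] == "any" else 3
        elif tok[i] == "time-range":
            fields["time_range"] = tok[i + 1]; i += 2
        elif tok[i] in FLAGS:
            fields[tok[i]] = True; i += 1
        else:
            raise ValueError("unknown token " + tok[i])
    return fields

def apply_rule(acl, text):
    """Add or edit a rule in acl (dict rule-id -> fields) as the manual describes: an existing
    rule-id is edited in place, keeping its unspecified parts. Assumption: an omitted id gets the next free number."""
    new = parse_rule(text)
    rid = new.pop("rule_id", max(acl, default=-1) + 1)
    acl.setdefault(rid, {}).update(new)
    return rid

def render(acl, rid):
    f = acl[rid]                         # show the rule in command form, as the manual does
    parts = ["rule", str(rid), f["action"]]
    parts += ["source", *f["source"]] if "source" in f else []
    parts += ["time-range", f["time_range"]] if "time_range" in f else []
    return " ".join(parts + [flag for flag in FLAGS if f.get(flag)])

def source_matches(acl, rid, packet_src):
    addr, wild = (to_int(x) for x in acl[rid].get("source", ANY))
    return ((to_int(packet_src) ^ addr) & ~wild) == 0   # a 1 bit in the wildcard is "don't care"
```

Editing rule 1 again with a different action and source keeps the earlier logging option, which is the surprise the manual warns about when it recommends deleting and recreating a rule instead.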