3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

68 CHAPTER 5: ACL CONFIGURATION
The following command can be used to delete a basic ACL rule:
undo rule rule-id [ source ] [ time-range ] [ logging ] [ fragment ]
Parameter description:
rule-id: Number of the ACL rule; it must be the number of an existing rule. If
no optional parameter follows, the entire ACL rule is deleted. Otherwise, only
the specified part of the rule's information is deleted.
source: Optional. Deletes only the source address setting of the rule with the
specified number.
time-range: Optional. Deletes only the effective time range setting of the rule
with the specified number.
logging: Optional. Deletes only the logging-of-matching-packets setting of the
rule with the specified number.
fragment: Optional. Deletes only the setting that restricts the rule with the
specified number to non-first fragments.
Advanced ACL
Advanced ACLs can define rules using packet contents such as source address
information, destination address information, the protocol type carried by IP,
and protocol-specific features (for example, the source and destination ports of
TCP, or the type and code of ICMP). Advanced ACLs can therefore define more
precise, diversified and flexible rules than basic ACLs.
An advanced ACL is created, and advanced ACL view entered, with the acl command
mentioned earlier. In advanced ACL view, the rules of the advanced ACL can be
created.
The following command can be used to define an advanced ACL rule:
rule [ rule-id ] { permit | deny } protocol [ source source-addr source-wildcard |
any ] [ destination dest-addr dest-wildcard | any ] [ source-port operator port1 [
port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type { icmp-message
| icmp-type icmp-code } ] [ dscp dscp ] [ established ] [ precedence precedence ]
[ tos tos ] [ time-range time-name ] [ logging ] [ fragment ]
Parameter description:
rule-id: Optional. Number of the ACL rule, ranging from 0 to 65,534. If a
number is specified and a rule with that number already exists, the new rule
overwrites the old one, as if the existing rule were being edited. To edit an
existing ACL rule, you are recommended to delete the existing rule and then
create a new one; otherwise the edited rule may not be the rule you expect. If
no rule with the specified number exists, a new rule is created with that
number. When no number is specified, a new rule is added and the system assigns
it a number automatically.
deny: Discards packets that match the rule.
permit: Permits packets that match the rule.
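The rule-id overwrite behaviour above, and the whole-versus-partial deletion of undo rule from the basic ACL section, are easy to get wrong when scripting configuration. The following added example (not 3Com's code; the auto-assignment order, field names and sample addresses are constructed assumptions) models an ACL rule table with exactly those semantics so the two cases can be checked side by side.

```python
# Added illustration, not part of the 3Com guide: a small model of an ACL rule
# table that mirrors the 'rule' and 'undo rule' semantics described in the text.
from dataclasses import dataclass
from typing import Dict, Optional

# Settings that 'undo rule rule-id [ source ] [ time-range ] [ logging ] [ fragment ]'
# can clear one at a time while the rule itself stays in the table.
PARTIAL_FIELDS = ("source", "time_range", "logging", "fragment")


@dataclass
class Rule:
    action: str                        # "permit" or "deny"
    source: Optional[str] = None       # e.g. "10.1.1.0 0.0.0.255" (constructed sample)
    time_range: Optional[str] = None   # name of a time range, if any
    logging: bool = False              # log matching packets
    fragment: bool = False             # apply only to non-first fragments


class Acl:
    def __init__(self) -> None:
        self.rules: Dict[int, Rule] = {}

    def rule(self, rule_id: Optional[int], action: str, **opts) -> int:
        """'rule [ rule-id ] { permit | deny } ...': a given number REPLACES an
        existing rule outright (no merge of old settings, which is the surprise
        the guide warns about); no number means a new, auto-numbered rule.
        Assumption: the auto-assigned number is the next after the highest in use."""
        if rule_id is None:
            rule_id = max(self.rules, default=-1) + 1
        if not 0 <= rule_id <= 65534:
            raise ValueError("rule-id must be in the range 0 to 65534")
        self.rules[rule_id] = Rule(action, **opts)   # overwrite, never merge
        return rule_id

    def undo_rule(self, rule_id: int, *parts: str) -> None:
        """'undo rule rule-id [ source ] [ time-range ] [ logging ] [ fragment ]':
        with no parts the entire rule is deleted; with parts only those settings
        are cleared and the rule remains."""
        if rule_id not in self.rules:
            raise KeyError(f"rule {rule_id} does not exist")
        if not parts:
            del self.rules[rule_id]
            return
        current = self.rules[rule_id]
        for part in parts:
            key = part.replace("-", "_")
            if key not in PARTIAL_FIELDS:
                raise ValueError(f"unknown undo parameter {part!r}")
            setattr(current, key, False if key in ("logging", "fragment") else None)
```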