3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

CHAPTER 5: ACL CONFIGURATION
tos tos: Optional parameter. Data packets can be filtered according to the type of service (ToS) field. The value is a number ranging from 0 to 15 or a name. This keyword is mutually exclusive with the dscp keyword.
logging: Optional parameter, indicating whether to log matching data packets. The log contents include the sequence number of the ACL, whether the data packet was permitted or discarded, the upper-layer protocol type over IP, the source/destination address, the source/destination port number, and the number of data packets.
time-range time-name: The ACL rule is valid in the specified time range.
fragment: Specifies whether the rule is valid only for non-first fragments. When this parameter is included, the rule is valid only for non-first fragments.
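The ToS value occupies the fourth to the seventh bit of the ToS byte, counting from left to right (four bits in all), so it is in the range of 0 to 15, as shown in Figure 14. However, because one lower-order bit follows these four bits in the byte, its real value is in the range of 0 to 30.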
Figure 14 The ToS field in ACL
When you use the ToS value in the ping command, the value given to ping must be twice the value configured in the ACL (such as 1). Only in this way can you use the ping command to test the ToS value configured in the ACL.
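The doubling rule follows from where the four ToS bits sit in the byte. The Python sketch below is an added example, not part of the 3Com guide: the function names are hypothetical, and it assumes the ACL compares only the 4-bit ToS field. It also shows why tos and dscp cannot be combined, since both read overlapping bits of the same byte.

```python
# Added example (not from the 3Com guide). Models the IPv4 ToS byte:
#   bits 1-3: precedence, bits 4-7: ToS, bit 8: unused (left to right).
# Function names are hypothetical; they are not switch commands.

def acl_tos_to_byte(tos, precedence=0):
    """Return the full ToS byte for an ACL tos value (0-15)."""
    if not 0 <= tos <= 15:
        raise ValueError("ACL tos must be in the range 0-15")
    if not 0 <= precedence <= 7:
        raise ValueError("precedence must be in the range 0-7")
    # The 4-bit field sits one bit above the last bit, hence the doubling.
    return (precedence << 5) | (tos << 1)

def decode_tos_byte(byte):
    """Split a ToS byte into the fields an ACL keyword can refer to."""
    if not 0 <= byte <= 255:
        raise ValueError("ToS byte must be in the range 0-255")
    return {
        "precedence": byte >> 5,        # top three bits
        "tos": (byte >> 1) & 0x0F,      # fourth to seventh bit
        "last_bit": byte & 0x01,        # eighth bit
        "dscp": byte >> 2,              # top six bits, overlaps tos
    }

def ping_value_matches(acl_tos, ping_tos_byte):
    """True if a packet sent with this ToS byte carries the ACL tos value.

    Assumption: the ACL compares only the 4-bit ToS field.
    """
    return decode_tos_byte(ping_tos_byte)["tos"] == acl_tos

if __name__ == "__main__":
    for acl_tos in (1, 8, 15):
        byte = acl_tos_to_byte(acl_tos)
        print(f"ACL tos {acl_tos:2d} -> ping ToS value {byte:2d} "
              f"(bits {byte:08b}, dscp view {decode_tos_byte(byte)['dscp']})")
    # Pinging with the ACL number itself sets the wrong bits:
    print("ping value 1 matches ACL tos 1:", ping_value_matches(1, 1))
    print("ping value 2 matches ACL tos 1:", ping_value_matches(1, 2))
```
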
For an existing ACL rule, if you edit it by specifying its rule number, the parts of the rule that you do not specify are not affected. For example:
First configure an ACL rule:
rule 1 deny ip source 1.1.1.1 0
Then edit the ACL rule:
rule 1 deny ip destination 2.2.2.1 0
Then, the ACL rule becomes:
rule 1 deny ip source 1.1.1.1 0 destination 2.2.2.1 0
The following command can be used to delete an advanced ACL rule:
undo rule rule-id [ source ] [ destination ] [ source-port ] [ destination-port ] [ icmp-type ] [ dscp ] [ precedence ] [ tos ] [ time-range ] [ logging ] [ fragment ]
Parameter description: