Manualshelf

3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
71727374757677787980
Introduction to ACL 75
specified number to create a new rule. When the number is not specified, it
means to add a new rule. In this case, the system will assign a number
automatically for the ACL rule and add the new rule.
deny: Discards qualified data packet.
permit: Permits qualified data packet.
interface interface-type interface-number: Specifies the interface information
of the packets. If no interface is specified, all interfaces can be matched. any
represents all interfaces.
logging: Optional parameter, indicating whether to log qualified packet. Log
contents include sequence number of ACL rule, packet permitted or discarded
and the number of data packets.
time-range time-name: Optional, specifies the time range in which the rule is
valid.
The following command can be used to delete an interface-based ACL rule:
undo rule rule-id [ logging ] [ time-range ]
Parameter description:
rule-id: Number of ACL rule, which must be an existing ACL rule number.
logging: Optional, indicating whether to log matched packets. The log
contents include sequence number of ACL rule, packets permitted or
discarded, upper layer protocol type over IP, source/destination address,
source/destination port number, and number of packets.
time-range: Optional, specifies the time range in which the rule is valid.
MAC-Based ACL MAC-based ACLs are numbered in the range 4,000 to 4,999.
You can use the following command to configure a MAC-based ACL rule:
rule [ rule-id ] { deny | permit } [ type type-code type-mask | lsap lsap-code
lsap-mask ] [ source-mac sour-addr sour-mask ] [ dest-mac dest-addr dest-mask ]
[ time-range time-name ] [ logging ]
The parameters are described as follows:
rule-id represents a rule number.
type-code is a hexadecimal number in the format of xxxx, used for matching the
protocol type of the transmitted packets.
type-mask represents the wildcard for the protocol type. For type-code values,
refer to the chapter that discusses bridge configuration in the link layer protocol
part of this manual.
lsap-code is a hexadecimal number in the format of xxxx, used for matching the
encapsulation format of bridged packet on an interface. lsap-wildcard represents
the wildcard of protocol type.