3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
Configuring an ACL
■ Add description to an ACL
■ Add comment to an ACL rule
■ Delete an ACL
Configuring a Basic ACL
Perform the following configuration.
For a detailed introduction to the parameters, refer to basic ACL.

Configuring an Advanced ACL
Perform the following configuration.

Configuring an Interface-Based ACL
Perform the following configuration.
You can specify an interface by its type and number, or all interfaces by specifying the any keyword.

Configuring a MAC-Based ACL
Perform the following configuration.

Table 61 Configure a basic ACL
Operation: Create a basic ACL in system view.
  Command: acl number acl-number [ match-order { config | auto } ]
Operation: Configure/delete an ACL rule in basic ACL view.
  Command: rule [ rule-id ] { permit | deny } [ source source-addr source-wildcard | any ] [ time-range time-name ] [ logging ] [ fragment ]
  Command: undo rule rule-id [ source ] [ time-range ] [ logging ] [ fragment ]

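The basic ACL rule form above does not show how several rules interact. As an added example (not from the 3Com manual), this Python sketch parses the rule-id, action and source parts of basic ACL rules and reports rules that an earlier rule makes unreachable. It assumes source-wildcard is an inverse mask and that rules are checked in configured order (match-order config); the sample rules and all function names are constructed for illustration.

```python
import ipaddress
import re

# Table 61 rule form, limited to rule-id, action and source; time-range,
# logging and fragment are not modelled here.
RULE_RE = re.compile(
    r"^rule(?:\s+(?P<id>\d+))?\s+(?P<action>permit|deny)"
    r"(?:\s+source\s+(?:any|(?P<addr>\S+)\s+(?P<wild>\S+)))?\s*$")
FULL = 0xFFFFFFFF

def parse_rule(line):
    """Return (rule_id, action, addr, care_mask) for one basic ACL rule line."""
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported rule: {line!r}")
    if m["addr"] is None:
        # Assumption: "source any" or no source clause matches every address.
        addr, wild = 0, FULL
    else:
        addr = int(ipaddress.IPv4Address(m["addr"]))
        wild = int(ipaddress.IPv4Address(m["wild"]))
    rule_id = int(m["id"]) if m["id"] else None
    # Assumption: source-wildcard is an inverse mask (1 bits are ignored).
    return rule_id, m["action"], addr, ~wild & FULL

def evaluate(rules, src):
    """First matching rule wins (assumes match-order config); None if no match."""
    ip = int(ipaddress.IPv4Address(src))
    for _, action, addr, care in rules:
        if (ip ^ addr) & care == 0:
            return action
    return None

def shadowed(rules):
    """(later_id, earlier_id) pairs where an earlier rule covers the later one."""
    pairs = []
    for i, (lid, _, laddr, lcare) in enumerate(rules):
        for eid, _, eaddr, ecare in rules[:i]:
            # Covered when the earlier rule fixes no bit the later one leaves
            # free, and both agree on every bit the earlier rule fixes.
            if ecare & ~lcare & FULL == 0 and (eaddr ^ laddr) & ecare == 0:
                pairs.append((lid, eid))
                break
    return pairs

# Constructed sample rules, not taken from the manual.
GOOD = [parse_rule(l) for l in (
    "rule 0 deny source 192.168.10.66 0.0.0.0",
    "rule 1 permit source 192.168.10.0 0.0.0.255",
    "rule 2 deny source any")]
BAD = [GOOD[1], GOOD[0], GOOD[2]]  # same rules, subnet permit placed first
```

With the host deny placed after the subnet permit (BAD), the deny never takes effect, which is the ordering mistake `shadowed` is meant to catch before a rule set is applied.
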
Table 62 Configure an advanced ACL
Operation: Create an advanced ACL in system view.
  Command: acl number acl-number [ match-order { config | auto } ]
Operation: Configure/delete an ACL rule in advanced ACL view.
  Command: rule [ rule-id ] { permit | deny } protocol [ source { sour-addr sour-wildcard | any } ] [ destination { dest-addr dest-wildcard | any } ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type { icmp-type icmp-code | icmp-message } ] [ precedence precedence ] [ dscp dscp ] [ established ] [ tos tos ] [ time-range time-name ] [ logging ] [ fragment ]
  Command: undo rule rule-id [ source ] [ destination ] [ source-port ] [ destination-port ] [ icmp-type ] [ dscp ] [ precedence ] [ tos ] [ time-range ] [ logging ] [ fragment ]

Table 63 Configure an interface-based ACL
Operation: Create an interface-based ACL in system view.
  Command: acl number acl-number [ match-order { config | auto } ]
Operation: Configure/delete an ACL rule in interface-based ACL view.
  Command: rule { permit | deny } interface { interface-type interface-number | any } [ time-range time-name ] [ logging ]
  Command: undo rule rule-id [ time-range ] [ logging ]