H3C S7500 Series Ethernet Switches Operation Manual

Operation Manual – ACL
Chapter 1 ACL Configuration
Name                   ICMP TYPE   ICMP CODE
net-unreachable        Type=3      Code=0
parameter-problem      Type=12     Code=0
port-unreachable       Type=3      Code=3
protocol-unreachable   Type=3      Code=2
reassembly-timeout     Type=11     Code=1
source-quench          Type=4      Code=0
source-route-failed    Type=3      Code=5
timestamp-reply        Type=14     Code=0
timestamp-request      Type=13     Code=0
ttl-exceeded           Type=11     Code=0
If you specify the rule ID when defining a rule:
- If the ACL is created with the config keyword specified and the rule identified by
  the rule-id argument exists, the settings specified in the rule command overwrite
  the counterparts of the existing rule (other settings of the rule remain unchanged).
  If the ACL is created with the auto keyword specified, the rules of the ACL cannot be
  edited. In this case, the system prompts an error when you execute the rule
  command.
- If the rule corresponding to the specified rule ID does not exist, a new rule is
  created and defined.
- The content of a modified or newly created rule must not be identical to the
  content of any existing rule; otherwise the rule modification or creation
  fails, and the system prompts that the rule already exists.
If you do not specify a rule ID, a new rule is created and defined, and the system
assigns an ID to the rule automatically.
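The rule-ID behaviour described above can be modelled offline to predict what a rule will contain after an edit. The Python below is an added example, not H3C code; the names Acl, AclError and the setting keys are hypothetical, and the choice of the smallest unused ID for automatic assignment is an assumption the manual does not state.

```python
class AclError(Exception):
    """Stands in for the error the switch prompts."""


class Acl:
    def __init__(self, number, match_order="config"):
        self.number = number
        self.match_order = match_order  # "config" or "auto" keyword
        self.rules = {}                 # rule ID -> dict of settings

    def rule(self, rule_id=None, **settings):
        """Model of the rule command; returns the ID of the rule written."""
        exists = rule_id in self.rules
        if exists and self.match_order == "auto":
            raise AclError("rules of an auto-ordered ACL cannot be edited")
        # An edit overwrites only the settings given; the others are kept.
        merged = {**self.rules[rule_id], **settings} if exists else dict(settings)
        # A modified or new rule must differ from every existing rule.
        if merged in self.rules.values():
            raise AclError("the rule already exists")
        if rule_id is None:
            # Assumption: the smallest unused ID is assigned automatically.
            rule_id = next(i for i in range(len(self.rules) + 1)
                           if i not in self.rules)
        self.rules[rule_id] = merged
        return rule_id


def demo():
    """Create the ACL 3000 rule, then edit only its source (constructed input)."""
    acl = Acl(3000)
    first = acl.rule(action="permit", protocol="tcp",
                     source="129.9.0.0 0.0.255.255",
                     destination="202.38.160.0 0.0.0.255",
                     destination_port="eq 80")
    # Only the source changes; destination and port 80 stay in force.
    acl.rule(first, source="129.9.8.0 0.0.0.255")
    return acl.rules[first]


if __name__ == "__main__":
    print(demo())
```

When auditing a change, the point to check is the merged result: re-issuing a rule with an existing ID does not clear the settings left out of the command.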
1.6.3 Configuration Example
# Configure ACL 3000 to permit TCP packets to pass. The destination port number of the
packets is 80, the source network segment of the packets is 129.9.0.0, and the
destination network segment is 202.38.160.0.
<H3C> system-view
[H3C] acl number 3000
[H3C-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
[H3C-acl-adv-3000] display acl config 3000
Advanced ACL 3000, 1 rule