3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

801

802

803

804

805

806

807

808

809

810

806 CHAPTER 57: IPV4 ACL CONFIGURATION

December 31, 2004 23:59, you may use the time-range test from 00:00

01/01/2004 to 23:59 12/31/2004 command.

■ Compound time range created using the time-range time-name start-time to

end-time days { from time1 date1 [ to time2 date2 ] | to time2 date2 }

command. A time range thus created recurs on the day or days of the week

only within the specified period. For example, to create a time range that is

active from 12:00 to 14:00 on Wednesdays between January 1, 2004 00:00

and December 31, 2004 23:59, you may use the time-range test 12:00 to

14:00 wednesday from 00:00 01/01/2004 to 23:59 12/31/2004 command.

You may create individual time ranges identified with the same name. They are

regarded as one time range whose active period is the result of ORing periodic

ones, ORing absolute ones, and ANDing periodic and absolute ones.

Configuration Example # Create a time range that is active from 8:00 to 18:00 every working day.

<Sysname> system-view

[Sysname] time-range test 8:00 to 18:00 working-day

[Sysname] display time-range test

Current time is 13:27:32 4/16/2005 Saturday

Time-range : test ( Inactive )

08:00 to 18:00 working-day

Configuring a Basic

IPv4 ACL

Basic IPv4 ACLs filter packets based on source IP address. They are numbered in

the range 2000 to 2999.

Configuration

Prerequisites

If you want to reference a time range to a rule, define it with the time-range

command first.

Configuration Procedure Follow these steps to configure a basic IPv4 ACL:

Note that:

To do... Use the command... Remarks

Enter system view system-view --

Create and enter basic

IPv4 ACL view

acl number acl-number [ match-order

{ auto | config } ]

Required

The default match order is

config.

Create or modify a rule rule [ rule-id ] { deny | permit } [

fragment | logging | source {

sour-addr sour-wildcard | any } |

time-range time-name | vpn-instance

vpn-instance-name ] *

Required

To create multiple rules,

repeat this step.

Set a rule numbering

step

step step-value Optional

The default step is 5.

Create an IPv4 ACL

description

description text Optional

Create a rule description rule rule-id comment text Optional