3Com Switch 8800 Advanced Software V5 Configuration Guide
810 CHAPTER 57: IPV4 ACL CONFIGURATION
28, the next rule will be numbered 30. For detailed information about step, refer
to the step command in the Switch 8800 Command Reference Guide.
You may use the display acl command to verify rules configured in an ACL. If the
match order for this ACL is auto, rules are displayed in the depth-first order rather
than by rule number.
CAUTION:
■ You can modify the match order of an ACL with the acl number acl-number
match-order { auto | config } command but only when it does not contain
any rules.
■ The rule specified in the rule comment command must already exist.
■ When you create an Ethernet frame header ACL, do not specify the LSAP
keyword or set the type-code argument to 0800, 86DD, 8847, 8848 or 8100.
■ For the default flow template to be used, the destination mask corresponding
to the type keyword must be FFFF.
Configuration Example
# Create IPv4 ACL 4000 to deny frames with the 802.1p priority of 3.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule deny cos 3
# Verify the configuration.
[Sysname-acl-ethernetframe-4000] display acl 4000
Ethernet frame ACL 4000, 1 rule,
Acl’s step is 5
rule 0 deny cos excellent-effort(5 times matched)
Configuring a User-Defined ACL
User-defined ACLs allow you to customize rules based on information in protocol
headers such as IP. When defining a user-defined ACL rule, you need to specify an
offset in bytes, counted from the beginning of a packet header, at which the match
operation starts, and in addition specify a mask. When comparing a packet against
the rule, the system ANDs the mask with the corresponding bytes in the packet
and compares the result with the rule.
User-defined ACLs are numbered in the range 5000 to 5999.
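The mask-and-compare step described above, as an added Python example (not code from this guide or from the switch software): it applies (packet bytes AND mask) == rule literally, which also shows that a rule string with bits set outside its mask can never match. Assumed for illustration: offsets are counted from the first byte of an untagged Ethernet frame, the first matching rule in rule-number order decides, and the names UdfRule, evaluate, FRAME and RULES are hypothetical; the frame is constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UdfRule:
    rule_id: int
    action: str      # "permit" or "deny"
    offset: int      # bytes from the start of the frame (assumption, see lead-in)
    value: bytes     # rule string to compare against
    mask: bytes      # same length as value

    def __post_init__(self):
        if len(self.value) != len(self.mask):
            raise ValueError("value and mask must have the same length")

    def unreachable(self) -> bool:
        """True if value has bits set outside mask: such a rule can never match."""
        return any(v & ~m & 0xFF for v, m in zip(self.value, self.mask))

    def matches(self, frame: bytes) -> bool:
        window = frame[self.offset:self.offset + len(self.mask)]
        if len(window) < len(self.mask):   # frame too short to contain the field
            return False
        masked = bytes(b & m for b, m in zip(window, self.mask))
        return masked == self.value

def evaluate(rules, frame):
    """Return the action of the first matching rule in rule-id order, else None."""
    for r in sorted(rules, key=lambda r: r.rule_id):
        if r.matches(frame):
            return r.action
    return None

# Constructed sample: untagged Ethernet II frame, IPv4/UDP 10.1.2.3 -> 192.0.2.9
FRAME = bytes.fromhex(
    "00005e005301" "00005e005302" "0800"   # dst MAC, src MAC, EtherType (bytes 0-13)
    "4500001c000100004011" "0000"          # IPv4 header; protocol 0x11 at byte 23
    "0a010203" "c0000209"                  # source IP at byte 26, destination at 30
    "003500350008" "0000"                  # UDP header (checksums left as zero)
)

RULES = [
    UdfRule(0, "deny", 26, bytes.fromhex("0a010000"), bytes.fromhex("ffff0000")),
    UdfRule(5, "permit", 23, b"\x11", b"\xff"),
    # Value not pre-masked: (bytes AND mask) can never equal 0a010203.
    UdfRule(10, "deny", 26, bytes.fromhex("0a010203"), bytes.fromhex("ffff0000")),
]
```

Running unreachable() over a rule set before deploying it flags rule 10 here, which would otherwise be accepted and silently never hit.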
Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range
command first.
Configuration Procedure
Follow these steps to configure a user-defined IPv4 ACL:

To do...                                     Use the command...      Remarks
Enter system view                            system-view             --
Create and enter user-defined IPv4 ACL view  acl number acl-number   Required