3Com Switch 8800 Advanced Software V5 Configuration Guide
Displaying and Maintaining IPv4 ACLs 811
You will fail to create a user-defined ACL rule if its permit/deny statement is exactly
the same as another rule. Unlike other types of ACLs, however, you can modify a
user-defined ACL rule.
When defining user-defined ACL rules, you need not assign them IDs. The system
can automatically assign rule IDs starting with 0 and increasing in rule numbering
steps of five. A rule ID thus assigned is greater than the current highest rule ID. For
example, if the current highest rule ID is 28, the next rule will be numbered 30. For
detailed information about step, refer to the step command in the Switch 8800
Command Reference Guide.
For a user-defined ACL, the match order can only be config.
On D-type modules, matching packets against a user-defined ACL rule whose offset
is counted from the beginning of the Layer 5 header is not supported.
CAUTION: The rule specified in the rule comment command must already exist.
Configuration Example
# Configure user-defined ACL 5500.
<Sysname> system-view
[Sysname] acl number 5500
[Sysname-acl-user-5500] rule 0 permit l2 0806 ffff 20 time-range t1
# Verify the configuration.
[Sysname-acl-user-5500] display acl 5500
User defined ACL 5500, 1 rule,
Acl’s step is 5
rule 0 permit l2 0806 ffff 20 time-range t1 (Active)
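The notes above (automatic rule IDs in steps of five, rejection of identical rules, config match order) and the rule-string/rule-mask/offset match can be checked offline with a small model before a rule set is committed to the switch. This is an added illustration, not 3Com code; it assumes that the offset is a decimal byte count from the start of the selected header, that the mask is ANDed with the packet bytes, that config order means ascending rule ID with the first hit winning, and it handles a single match tuple per rule and ignores time ranges.

```python
from dataclasses import dataclass

STEP = 5  # matches "Acl's step is 5" in the display output above

@dataclass(frozen=True)
class Rule:
    action: str     # permit | deny
    header: str     # ipv4 | ipv6 | l2 | l4 | l5
    pattern: bytes  # rule-string
    mask: bytes     # rule-mask
    offset: int     # assumption: bytes from the start of the selected header

    def matches(self, headers):
        window = headers.get(self.header, b"")[self.offset:self.offset + len(self.pattern)]
        if len(window) < len(self.pattern):
            return False  # buffer too short to hold the field
        return all((w & m) == (p & m) for w, p, m in zip(window, self.pattern, self.mask))

def parse_rule(line):
    """Parse 'rule [id] {permit|deny} <hdr> <string> <mask> <offset>' (one tuple only)."""
    tok = line.split()[1:]
    rule_id = int(tok.pop(0)) if tok[0].isdigit() else None
    action, header, pattern, mask, offset = tok[:5]  # a trailing time-range is ignored
    if len(pattern) != len(mask):
        raise ValueError("this model requires rule-string and rule-mask of equal length")
    return rule_id, Rule(action, header, bytes.fromhex(pattern), bytes.fromhex(mask), int(offset))

class UserAcl:
    def __init__(self):
        self.rules = {}  # rule-id -> Rule

    def add(self, line):
        rule_id, rule = parse_rule(line)
        if any(r == rule for i, r in self.rules.items() if i != rule_id):
            raise ValueError("identical rule already exists")
        if rule_id is None:  # next multiple of STEP above the highest ID (28 -> 30)
            rule_id = (max(self.rules) // STEP + 1) * STEP if self.rules else 0
        self.rules[rule_id] = rule  # an existing ID is modified in place
        return rule_id

    def evaluate(self, headers):
        # match order "config": assumed to mean ascending rule ID, first hit wins
        for rule_id in sorted(self.rules):
            if self.rules[rule_id].matches(headers):
                return rule_id, self.rules[rule_id].action
        return None, None

# Constructed buffer: 0x0806 placed at offset 20 only to exercise the rule above.
SAMPLE = {"l2": bytes(20) + bytes.fromhex("0806") + bytes(10)}
```

Calling evaluate() on a buffer that no rule matches returns (None, None); what the switch then does with the packet depends on where the ACL is applied and is not modelled here.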
To do...: Create or modify a rule
Use the command...: rule [ rule-id ] { deny | permit } [ { ipv4 | ipv6 | l2 | l4 | l5 ] rule-string rule-mask offset }&<1-8> ] [ time-range time-name ]
Remarks: Required. To create multiple rules, repeat this step.

To do...: Create an ACL description
Use the command...: description text
Remarks: Optional

To do...: Create a rule description
Use the command...: rule rule-id comment text
Remarks: Optional

Displaying and Maintaining IPv4 ACLs

To do...: Display information about a specified or all IPv4 ACLs
Use the command...: display acl { acl-number | all | name acl-name }
Remarks: Available in any view

To do...: Display the configuration and state of a specified or all time ranges
Use the command...: display time-range { time-name | all }
Remarks: Available in any view

To do...: Clear the statistics about the specified or all IPv4 ACLs except for user-defined IPv4 ACLs
Use the command...: reset acl counter { acl-number | all }
Remarks: Available in user view