Basic Acl - 3Com 3C13636 Configuration Manual

Router 3000 ethernet family

3Com Router 3000 Ethernet Family
Configuration Guide

5.1.5 Basic ACL

A basic ACL can use only source address information as the element for defining
ACL rules. A basic ACL is created, and basic ACL view entered, with the
above-mentioned ACL command. The rules of the basic ACL are then created in
basic ACL view.
The following command can be used to define a basic ACL rule:
rule [ rule-id ] { permit | deny | comment text } [ source sour-addr sour-wildcard | any ]
[ time-range time-name ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]
Parameter description:
rule-id: Optional parameter, the number of the ACL rule, ranging from 0 to 65534.
If a rule with the specified number already exists, the newly defined rule may be
used to overwrite the old definition, just as when editing an existing ACL rule.
If no rule with that number exists, a new rule is created with the specified
number. If no number is specified, a new rule is added and the system
automatically assigns a number to it.
permit: Permits packets that match the rule.
deny: Discards packets that match the rule.
comment text: Specifies a comment for each rule.
source: Optional parameter, used to specify the source address information of the
ACL rule. If it is not specified, any source address of a packet matches.
source-addr: Source address of the data packet, in dotted decimal. Alternatively,
"any" may be used to represent source address 0.0.0.0 with wildcard
255.255.255.255.
source-wildcard: Wildcard of the source address, in dotted decimal.
time-range: Optional parameter, used to specify the time range in which the ACL
is effective.
time-name: Name of the ACL effective time range.
logging: Optional parameter, indicating whether to log packets that match the
rule. The log content includes the sequence number of the access control rule,
whether the packets were passed or discarded, and the number of packets.
fragment: Optional parameter, used to specify whether the rule is valid only for
non-first fragments. When this parameter is included, the rule is valid only for
non-first fragments.
vpn-instance: Optional parameter specifying the vpn-instance to which the
packets belong. If it is not specified, the ACL rule is valid for packets in all
vpn-instances. If it is specified, the ACL rule is valid only for the specified
vpn-instance.
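The following Python example is added here and is not code from the 3Com manual: it models how the source address and wildcard of a basic ACL rule select packets, and how rule-id creates or overwrites a rule. The function names, the automatic numbering (next number after the highest) and evaluation in ascending rule-id order are assumptions; time-range, logging, fragment and vpn-instance are not modelled.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # "any" = 0.0.0.0 with wildcard 255.255.255.255

def to_int(text):
    # The manual's own example writes the host wildcard as a bare "0".
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse 'rule [rule-id] {permit|deny} [source addr wildcard | source any]'."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "rule":
        raise ValueError("not a rule line: %r" % line)
    tok = tok[1:]
    rule_id = int(tok.pop(0)) if tok[0].isdigit() else None
    if rule_id is not None and not 0 <= rule_id <= 65534:
        raise ValueError("rule-id out of range 0-65534")
    action = tok.pop(0) if tok else ""
    if action not in ("permit", "deny"):
        raise ValueError("expected permit or deny")
    if not tok:                      # no source given: any source matches
        return rule_id, action, ANY
    if tok[0] != "source" or len(tok) not in (2, 3):
        raise ValueError("only the source option is modelled here")
    if len(tok) == 2:
        if tok[1] != "any":
            raise ValueError("source needs an address and a wildcard")
        return rule_id, action, ANY
    return rule_id, action, (to_int(tok[1]), to_int(tok[2]))

def matches(source, src_ip):
    addr, wild = source
    care = ~wild & 0xFFFFFFFF        # wildcard bits set to 1 are ignored
    return (to_int(src_ip) & care) == (addr & care)

def apply_rule(acl, line):
    """Create or overwrite a rule in acl (dict: rule-id -> (action, source))."""
    rule_id, action, source = parse_rule(line)
    if rule_id is None:              # assumption: next number after the highest
        rule_id = max(acl, default=-1) + 1
    acl[rule_id] = (action, source)
    return rule_id

def first_match(acl, src_ip):
    for rule_id in sorted(acl):      # assumption: evaluated in rule-id order
        action, source = acl[rule_id]
        if matches(source, src_ip):
            return rule_id, action
    return None                      # no rule matched; default action not modelled
```

A subnet mask typed where a wildcard is expected, such as 10.1.1.0 255.255.255.0, matches every address whose last octet is 0 rather than the 10.1.1.0/24 network; running `matches` on a few sample addresses catches this before a rule is deployed.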
When an existing ACL rule is edited by specifying its rule number, the rest of
the rule is not affected. For example:
First configure an ACL rule:
rule 1 deny source 1.1.1.1 0
3Com Corporation
Chapter 5 ACL Configuration


This manual is also suitable for:

3c13636-us - router 30363000 series
