Activating ACL - 3Com 5500-SI Configuration Manual

5500 series

Table 365 Define Layer-2 ACL

Operation: Enter Layer-2 ACL view (from System View)
Command: acl number acl_number [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from Layer-2 ACL View)
Command: rule [ rule_id ] { permit | deny } [ [ type protocol_type type_mask | lsap lsap_type type_mask ] | format_type | cos cos | source { source_vlan_id | source_mac_addr source_mac_wildcard }* | dest { dest_mac_addr dest_mac_wildcard } | time-range name ]*

Operation: Delete a sub-item from the ACL (from Layer-2 ACL View)
Command: undo rule rule_id

Operation: Delete one ACL or all the ACL (from System View)
Command: undo acl { number acl_number | all }

Defining the User-defined ACL

The user-defined ACL matches any bytes in the first 80 bytes of the Layer-2 data frame against the character string defined by the user and then processes them accordingly. To use the user-defined ACL correctly, you need to understand the Layer-2 data frame structure.

Any packet that ends up at the FFP (Fast Filter Processor), which performs the ACL functionality, contains a VLAN tag. Even packets that ingress the Switch untagged are tagged at the FFP.

You can use the following commands to define a user-defined ACL.

Perform the following configuration in the corresponding view.

Table 366 Defining the User-defined ACL

Operation: Enter user-defined ACL view (from System View)
Command: acl number acl_number [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from User-defined ACL View)
Command: rule [ rule_id ] { permit | deny } { rule_string rule_mask offset }&<1-8> [ time-range name ]

Operation: Delete a sub-item from the ACL (from User-defined ACL View)
Command: undo rule rule_id

Operation: Delete one ACL or all the ACL (from System View)
Command: undo acl { number acl_number | all }

rule-string is a character string defined by a user. It is made up of a hexadecimal character string with an even number of digits. rule-mask offset is used to extract the packet information. Here, rule-mask is the rule mask, used for a logical AND operation between bytes from the data packet and the corresponding bytes of the rule-mask, and offset determines the start location of the rule-mask in the packet. rule-mask offset extracts a character string from the packet and compares it with the user-defined rule-string to identify and process the matched packets.

Activating ACL

The defined ACL becomes active after being activated globally on the Switch. This function is used to activate ACL filtering or classification of the data transmitted by the hardware of the Switch.
You can use the following command to activate the defined ACL.
Perform the following configuration in Ethernet Port View.
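
The rule-string / rule-mask / offset matching described under "Defining the User-defined ACL", emulated in Python as an added example (not code from the manual or from 3Com). It assumes that offset counts bytes from the start of the destination MAC in the frame as tagged at the FFP, that an untagged frame receives an 802.1Q tag there, and that every triple in a rule must match; the frame is constructed sample data.

```python
import struct

FFP_WINDOW = 80  # per the manual: only the first 80 bytes of the frame are matchable


def tag_at_ffp(frame: bytes, pvid: int = 1) -> bytes:
    """Return the frame as the FFP sees it: always carrying a VLAN tag.
    Assumption: an untagged frame gets an 802.1Q tag with the port's VLAN ID."""
    if frame[12:14] == b"\x81\x00":  # already tagged on ingress
        return frame
    return frame[:12] + b"\x81\x00" + struct.pack("!H", pvid & 0x0FFF) + frame[12:]


def field_matches(frame: bytes, rule_string: str, rule_mask: str, offset: int) -> bool:
    """Evaluate one { rule_string rule_mask offset } triple.
    Assumption: offset counts bytes from the start of the destination MAC."""
    want = bytes.fromhex(rule_string)  # raises ValueError on an odd number of digits
    mask = bytes.fromhex(rule_mask)
    if len(want) != len(mask):
        raise ValueError("rule-string and rule-mask must have the same length")
    end = offset + len(mask)
    if end > FFP_WINDOW or end > len(frame):
        return False  # field lies outside the matchable window
    got = frame[offset:end]
    # AND the packet bytes with the mask, then compare with the masked rule-string
    return all((g & m) == (w & m) for g, w, m in zip(got, want, mask))


def rule_matches(frame: bytes, triples) -> bool:
    """A rule carries 1 to 8 triples; assumed here that all of them must match."""
    if not 1 <= len(triples) <= 8:
        raise ValueError("a rule takes between 1 and 8 triples")
    seen = tag_at_ffp(frame)
    return all(field_matches(seen, *t) for t in triples)


# Constructed sample: untagged broadcast ARP frame, padded to minimum size
ARP_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(46)

if __name__ == "__main__":
    for triple in [("0806", "ffff", 12), ("0806", "ffff", 16),
                   ("020000aabbcc", "ffffff000000", 6)]:
        print(triple, rule_matches(ARP_FRAME, [triple]))
```

Under these assumptions the EtherType of a frame that arrived untagged sits at offset 16 rather than 12, so a rule written against the untagged layout does not match and the traffic it was meant to deny passes unfiltered.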


This manual is also suitable for:

5500-EI, 5500G-EI
