3Com 4500 PWR 26-Port Configuration Manual page 525
Hide thumbs
Also See for 4500 PWR 26-Port:
- Manual (942 pages) ,
- Configuration manual (870 pages) ,
- Getting started manual (128 pages)
Table of Contents
Advertisement
If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered
automatically. If the ACL has no rules, the ru
be the greatest rule number plu
system will tell
The content of a modi
otherwise the rule modification or creation will fail, and the system prompts that the rule already
exists.
C
onfiguration example
# Configure ACL 5000 to deny all TCP packets, prov
the ACL rule, 06 is the TCP protocol number, ff is the mask
of an internally processed IP packet.
<Sysname> system-view
[Sysname] acl number 5000
[Sysname-acl-user-5000] rule deny 06 ff 27
# Display the configuration information of ACL 5000.
[Sy name-acl-user-5000] display acl 5000
s
User defined ACL
Acl's step is 1
rule 0 deny 06 ff 27
Conf
igu ing IPv6 ACL
r
You can match IPv6 packets by IPv6 ACLs to process IPv6 data flow
IPv6 ACL is in the range from 5000 to 5999.
S
witch 4500 Series support matching the following fields:
cos: Matc
hes the CoS field in IPv6 packets.
dest-ip: Matches the d
dest-mac: Matches the destination MAC address field in IPv6 packets.
double-tag: Matches IPv6 packets with two tags.
dscp: Matches the traffic class field in IPv6 packets.
ip-protocol: Matches the next header field in IPv6 packets.
ipv6-ty
pe: Matches IPv6 packets with the Layer 2 protocol being IPv6.
src-ip: M
atches the source address field in IPv6 packets.
dest-ip: Matches the destination address
src-port: Matches the TCP/UDP source port field in IPv6 packets.
dest-port: Matches the TCP/UDP destination port field in IPv6 packets.
icmpv6-type: Matches the ICMPv6 type field in IPv6 packets.
icmpv6-code: Matches the ICMPv6 code field in IPv6 packets.
vlan: Matches the VLAN tag field in IPv6 packets.
IPv6 ACLs do not match IPv6 packets with extension headers.
s one. If the current greatest rule number is 65534, however, the
you that the rule cannot be created and you need to specify a number for the rule.
fied or created rule cannot be identical with the content of any existing rules;
5000, 1 rule
estination IP address field in IPv6 packets.
le is numbered 0; otherwise, the number of the rule will
ided that VLAN-VPN is not enabled on any port. In
of the rule, and 27 is the protocol field offset
field in IPv6 packets.
44-10
s as required. The number of an
- Quick Links:
- User Control
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
