Huawei Quidway S3500 Series Operation Manual page 347

Operation Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches
You can add multiple rules to one ACL.
Note:
If a specific time rang is not defined, the ACL will always function after activated.
During the process of defining the ACL, you can use the rule command for several
times to define multiple rules for an ACL.
If ACL is used for filter or classify the data transmitted by the hardware of switch, the
match order defined in the acl command will not be effective. If ACL is used for filter
or classify the data treated by the software of switch, the match order of ACL's
sub-rules will be effective. Besides, once the user specifies the match-order of an
ACL rule, he cannot modify it later.
The default matching-order of ACL is config, i.e. following the order as that
configured by the user.
I. Defining the basic ACL
The rules of the basic ACL are defined on the basis of the Layer-3 source IP address to
analyze the data packets.
You can use the following command to define basic ACL.
Perform the following configuration in corresponding view.
Table 1-23 Defining the basic ACL
Enter basic ACL view(from system
view)
add a sub-item to the ACL(from basic
ACL view)
delete a sub-item from the ACL(from
basic ACL view)
Delete one ACL or all the ACL(from
system view)
II. Defining the advanced ACL
The rules of the classification for advanced ACL are defined on the basis of the
attributes such as source and destination IP address, the TCP or UDP port number in
use and packet priority to process the data packets. The advanced ACL supports the
Operation
Huawei Technologies Proprietary
1-21
Chapter 1 ACL Configuration
Command
acl { number acl-number | name
acl-name basic } [ match-order
{ config | auto } ]
rule [ rule-id ] { permit | deny } [ source
source-addr wildcard | any ] [ fragment ]
[ time-range name ]
undo rule rule-id [ source ] [ fragment ]
[ time-range ]
undo acl { number acl-number | name
acl-name | all }