Rule Comment - H3C s3600 series Command Manual

Hide thumbs Also See for s3600 series:

Operation manual (966 pages)

Installation manual (98 pages)

Command manual (92 pages)

page of 1277

/ 1277
Contents
Table of Contents
Bookmarks

Table of Contents

processes internally, c0a80001 is the representation of 192.168.0.1 in hexadecimal, and 32 is the offset

of the source IP address field in an ARP packet that the switch processes internally.

[Sysname] acl number 5001

[Sysname-acl-user-5001] rule 1 deny 0806 ffff 16 c0a80001 ffffffff 32

[Sysname-acl-user-5001] quit

# Create user-defined ACL 5002 and define rule 1, specifying a 32-byte rule string, a rule mask of all Fs,

and an offset of 4. Then, apply the ACL to Ethernet 1/0/1.

[Sysname] acl number 5002

[Sysname-acl-user-5002] rule 1 deny

1234567890123456789012345678901234567890123456789012345678901234

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 4

[Sysname-acl-user-5002] quit

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] packet-filter inbound user-group 5002

In this example, the 32-byte rule string occupies eight offset units: 4 to 7 (Offset2), 8 to 11 (Offset3), 12

to 15 (Offset4), 16 to 19 (Offset5), 20 to 23 (Offset1), 24 to 27 (Offset7), 28 to 31 (Offset8), and 32 to 35

(Offset6), as shown in

# Create user-defined ACL 5003 and define rule 1, specifying a 32-byte rule string, a rule mask of all Fs,

and an offset of 24. Then, apply the ACL to Ethernet 1/0/2.

[Sysname] acl number 5003

[Sysname-acl-user-5003]

1234567890123456789012345678901234567890123456789012345678901234

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 24

[Sysname-acl-user-5003] quit

[Sysname] interface Ethernet 1/0/2

[Sysname-Ethernet1/0/2] packet-filter inbound user-group 5003

Applying Acl 5003 rule 1 failed!

Reason: This type of ACL rule is not supported by the command which is attempting to use

the ACL!(Ethernet1/0/2)

In this example, the 32-byte rule string does not comply with the rule that a user-defined rule string can

contain up to eight mask offset units, and any two offset units cannot belong to the same offset group.

The ACL cannot be assigned.

After completing the above configuration, you can use the display acl command to view the

configuration information of the ACLs.

rule comment

rule rule-id comment text

undo rule rule-id comment

Advanced ACL view, Layer 2 ACL view, user-defined ACL view

1-16. The rule can be assigned successfully.

Show Quick Links

Chapters

Table of Contents

Rule Comment - H3C s3600 series Command Manual

rule comment

Hide quick links:

Chapters

Related Manuals for H3C s3600 series

Related Content for H3C s3600 series

Table of Contents