Rule (Ipv4 Advanced Acl View) - H3C S5820X Series Acl And Qos Command Reference
Hide thumbs
Also See for S5820X Series:
- Command reference manual (488 pages) ,
- Configuration manual (252 pages) ,
- High availability configuration manual (233 pages)
Table of Contents
Advertisement
Ethernet_SNAP frames. The protocol-type-mask argument is a 16-bit hexadecimal number that represents
a protocol type mask.
source-mac sour-addr source-mask: Matches a source MAC address range. The sour-addr argument
represents a source MAC address, and the sour-mask argument represents a mask in H-H-H format.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a
case insensitive string of 1 to 32 characters. It must start with an English letter.
Description
Use the rule command to create or edit an Ethernet frame header ACL rule. You can edit ACL rules only
when the match order is config.
Use the undo rule command to delete an Ethernet frame header ACL rule or some attributes in the rule.
If no optional keywords are provided, you delete the entire rule. If optional keywords or arguments are
provided, you delete the specific attributes.
By default, an Ethernet frame header ACL does not contain any rule.
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, your creation or editing
attempt will fail.
To view rules in an ACL and their rule IDs, use the display acl all command.
Examples
# Create a rule in ACL 4000 to deny packets with the 802.1p priority of 3.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule deny cos 3
rule (IPv4 advanced ACL view)
Syntax
rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value
| syn syn-value | urg urg-value } * | established } | counting | destination { dest-addr dest-wildcard |
any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type
icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr
sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos |
vpn-instance vpn-instance-name ] *
undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination |
destination-port | dscp | fragment | icmp-type | logging | precedence | reflective | source |
source-port | time-range | tos | vpn-instance ] *
View
IPv4 advanced ACL view
Default level
2: System level
Parameters
rule-id: Specifies a rule ID, which ranges from 0 to 65534. If no rule ID is provided when you create an
ACL rule, the system automatically assigns it a rule ID. This rule ID takes the nearest higher multiple of the
19
Advertisement
Table of Contents
