Huawei Quidway S6500 Series Operation Manual page 343

Operation Manual - QoS/ACL
Quidway S6500 Series Ethernet Switches
Defining ACL by following the steps below:
1) enter the corresponding ACL view
2) add a rule to the ACL
You can add multiple rules to one ACL.
Note:
If a specific time rang is not defined, the ACL will always function after activated.
During the process of defining the ACL, you can use the rule command for several
times to define multiple rules for an ACL.
If ACL is used for filter or classify the data transmitted by the hardware of switch, the
match order defined in the acl command will not be effective. If ACL is used for filter
or classify the data treated by the software of switch, the match order of ACL's
sub-rules will be effective. Besides, once the user specifies the match-order of an
ACL rule, he cannot modify it later.
The default matching-order of ACL is config, i.e. following the order as that
configured by the user.
I. Define basic ACL
The rules of the basic ACL are defined on the basis of the Layer-3 source IP address to
analyze the data packets.
You can use the following command to define basic ACL.
Perform the following configuration in corresponding view.
Table 1-5 Define basic ACL
Enter basic ACL view(from system
view)
add a sub-item to the ACL(from
basic ACL view)
delete
ACL(from basic ACL view)
Delete
ACL(from system view)
Operation
a sub-item from
one ACL or all
Huawei Technologies Proprietary
acl { number acl-number | name acl-name
basic } [ match-order { config | auto } ]
rule [ rule-id ] { permit | deny } [ source
{ source-addr wildcard | any } ] [ fragment ]
[ time-range name ]
the undo rule rule-id [ source ] [ fragment ]
[ time-range ]
the undo acl { number acl-number | name
acl-name | all }
1-6
Chapter 1 ACL Configuration
Command