3Com 8800 Configuration Manual page 378


3Com Switch 8800 Configuration Guide
Note:
If the time-range keyword is not selected, the ACL is effective at any time after it is activated.
You can define multiple rules for an ACL by using the rule command several times.
If the ACL is sent directly to hardware for packet filtering and traffic classification, the auto matching order is available and the user-defined (config) matching order becomes ineffective. If the ACL is used to filter or classify packets processed by software, the config matching order is available. You cannot modify the matching order once you have defined it for an ACL rule.
By default, ACL rules are matched in config order.
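
The effect of the matching order on which rule a packet hits can be checked with a small model of basic-ACL rules (source address plus wildcard, as in Table 32-8). The Python below is an added example, not code from the 3Com manual: the sample rules are constructed, config order is taken as the order of entry, and auto order is assumed to mean narrowest source range first, which this page does not define. The fragment, time-range and vpn-instance options are not modelled.

```python
import ipaddress

# Constructed sample: one basic ACL as (rule-id, action, source-addr, wildcard),
# listed in the order the rules were entered. "source any" is modelled as
# 0.0.0.0 with wildcard 255.255.255.255.
RULES = [
    (0, "permit", "10.1.0.0", "0.0.255.255"),
    (1, "deny",   "10.1.1.0", "0.0.0.255"),
    (2, "deny",   "0.0.0.0",  "255.255.255.255"),
]
MASK32 = 0xFFFFFFFF

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def _care(rule):
    """Bits that must match: wildcard bit 0 = compare, 1 = ignore."""
    return ~_int(rule[3]) & MASK32

def matches(rule, src):
    return (_int(src) & _care(rule)) == (_int(rule[2]) & _care(rule))

def ordered(rules, match_order="config"):
    if match_order == "config":          # assumption: order of entry
        return list(rules)
    if match_order == "auto":            # assumption: narrowest source range first
        return sorted(rules, key=lambda r: bin(_int(r[3])).count("1"))
    raise ValueError(f"unknown match-order: {match_order}")

def evaluate(rules, src, match_order="config"):
    """Return (action, rule-id) of the first rule that matches src, else (None, None)."""
    for rule in ordered(rules, match_order):
        if matches(rule, src):
            return rule[1], rule[0]
    return None, None

def shadowed(rules, match_order="config"):
    """Rule-ids that can never be hit because an earlier rule covers their whole range."""
    seq, hidden = ordered(rules, match_order), []
    for i, later in enumerate(seq):
        for earlier in seq[:i]:
            wider = (_care(earlier) & ~_care(later)) == 0
            if wider and (_int(later[2]) & _care(earlier)) == (_int(earlier[2]) & _care(earlier)):
                hidden.append(later[0])
                break
    return hidden

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, evaluate(RULES, "10.1.1.5", order), "shadowed:", shadowed(RULES, order))
```

With these sample rules, the deny for 10.1.1.0 is never reached in config order because the broader permit entered before it matches first; under the assumed auto order the narrower deny is evaluated first.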
I. Defining basic ACL
Basic ACLs define rules and process packets according to source IP addresses only.
Perform the following configurations in the specified views.
Table 32-8 Define basic ACL

Operation: Enter basic ACL view (system view)
Command: acl { number acl-number | name acl-name basic } [ match-order { config | auto } ]

Operation: Define an ACL rule (basic ACL view)
Command: rule [ rule-id ] { permit | deny } [ source { source-addr wildcard | any } | fragment | time-range name | vpn-instance instance-name ]*

Operation: Delete an ACL rule (basic ACL view)
Command: undo rule rule-id [ source | fragment | time-range | vpn-instance instance-name ]*

Operation: Delete an ACL or all ACLs (system view)
Command: undo acl { number acl-number | name acl-name | all }

II. Defining advanced ACL
Advanced ACLs define classification rules and process packets according to the attributes of the packets such as source and destination IP addresses, TCP/UDP ports used, and packet priority. ACLs support three types of priority schemes: ToS (type of service) priority, IP priority and DSCP priority.
Perform the following configurations in the specified view.

Chapter 32 ACL Configuration