H3C S6550X-HI Series Command Reference Manual page 2136

Syntax
rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source
{ source-address source-wildcard | any } | time-range time-range-name |
vpn-instance vpn-instance-name ] *
undo rule rule-id [ counting | fragment | logging | source | time-range |
vpn-instance ] *
undo rule { deny | permit } [ counting | fragment | logging | source
{ source-address source-wildcard | any } | time-range time-range-name |
vpn-instance vpn-instance-name ] *
Default
No IPv4 basic ACL rules exist.
Views
IPv4 basic ACL view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from the start rule ID. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
counting: Enables rule match counting in software. If you do not specify this keyword, matches for the rule are not counted in software.
fragment: Applies the rule only to non-first fragments. If you do not specify this keyword, the rule applies to both fragments and non-fragments.
logging: Logs the number of matching packets. This feature is available only when the application module (for example, packet filtering) that uses the ACL supports the logging feature.
source { source-address source-wildcard | any }: Matches a source address. The source-address and source-wildcard arguments specify a source IP address and a wildcard mask in dotted decimal notation. A wildcard mask of zeros represents a host address. The any keyword represents any source IP address.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.
vpn-instance vpn-instance-name: Applies the rule to an MPLS L3VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, whether the rule applies to VPN packets varies by feature. See the description for the feature that uses ACLs.
Usage guidelines
Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating or editing has the same deny or permit statement as another rule in the ACL, the rule will not be created or changed.
You can edit ACL rules only when the match order is config.
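The following is an added example, not taken from the H3C manual: a small Python model for reviewing a basic ACL offline, covering the automatic rule-ID assignment and the source wildcard matching described under Parameters. The function names and the sample rule set are constructed for illustration. It assumes a start rule ID of 0, a numbering step of 5, and that config match order means rules are tried in ascending rule ID with the first match winning.

```python
import ipaddress

def next_rule_id(existing_ids, step=5, start=0):
    """Rule ID auto-assigned when none is given: the nearest multiple of the
    numbering step (counted from the start rule ID) above the highest ID.
    step=5 and start=0 are assumptions of this example."""
    if not existing_ids or max(existing_ids) < start:
        return start
    highest = max(existing_ids)
    return start + ((highest - start) // step + 1) * step

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask compare: 0 bits must equal the base, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(rules, src):
    """Return (rule_id, action) of the first matching rule, trying rules in
    ascending rule ID, or None when no rule matches (what happens then
    depends on the feature that uses the ACL)."""
    for rid in sorted(rules):
        action, base, wildcard = rules[rid]
        if base == "any" or wildcard_match(src, base, wildcard):
            return rid, action
    return None

# Constructed sample rule set: rule_id -> (action, source-address, source-wildcard)
RULES = {
    0: ("deny", "10.1.1.7", "0.0.0.0"),       # all-zero wildcard: one host
    5: ("permit", "10.1.1.0", "0.0.0.255"),   # any host in 10.1.1.0/24
    28: ("permit", "10.2.0.1", "0.0.255.0"),  # third octet ignored: 10.2.x.1
}
# A rule entered without a rule ID gets 30 (highest ID 28, step 5).
RULES[next_rule_id(RULES)] = ("deny", "any", None)

if __name__ == "__main__":
    for src in ("10.1.1.7", "10.1.1.8", "10.2.77.1", "192.0.2.9"):
        print(src, evaluate(RULES, src))
```

Running a rule set through a model like this before applying it shows which rule a given source address actually hits, which helps catch a broad permit that sits ahead of a narrower deny.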