CHAPTER 60: ACL CONFIGURATION

Table 522 Define a user-defined ACL rule

Operation:   Create or enter user-defined ACL view
Command:     acl { number acl-number | name acl-name [ advanced | basic | link | user ] } [ match-order { config | auto } ]
Description: Required. By default, the match order is config.

Operation:   Define an ACL rule
Command:     rule [ rule-id ] { permit | deny } { rule-string rule-mask offset } &<1-8> [ time-range time-name ]
Description: Required

Operation:   Display ACL information
Command:     display acl { all | acl-number }
Description: Optional. This command can be executed in any view.

When you specify the rule ID by using the rule command, note that:

■ You can specify an existing rule ID to modify the corresponding rule. ACEs that are not modified remain unchanged.
■ You can create a rule by specifying an ID that identifies no rule.
■ You will fail to create a rule if the newly created rule is the same as an existing one.

If you do not specify the rule ID when creating an ACL rule, the rule ID of the newly created rule is assigned by the system.

Note: Only I/O Modules other than Type A support the user-defined ACL.

Configuration Example

# Configure ACL 5001 to deny all TCP packets.
<SW7750> system-view
[SW7750] time-range t1 18:00 to 23:00 sat
[SW7750] acl number 5001
[SW7750-acl-user-5001] rule 25 deny 06 ff 27 time-range t1
[SW7750-acl-user-5001] display acl config 5001
User ACL 5001, 1 rule
rule 25 deny 06 ff 27 time-range t1 (0 times matched) (Inactive)

Applying ACLs on Ports

By applying ACLs on ports, you can filter certain packets.

Configuration Preparation

You need to define an ACL before applying it on a port. For operations to define ACLs, refer to "Defining Basic ACLs" on page 641, "Defining Advanced ACLs" on page 642, "Defining Layer 2 ACLs" on page 647, and "Defining User-Defined ACLs" on page 649.

Configuration Procedure

Table 523 Apply an ACL on a port

Operation:   Enter system view
Command:     system-view
Description: -
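The user-defined rule in the ACL 5001 configuration example on this page, rule 25 deny 06 ff 27, compares one masked byte at a fixed offset. The following added example (a Python model written for this page, not 3Com code) shows which frames such a rule matches. It assumes the offset is a byte index from the start of an 802.1Q-tagged Ethernet II frame, the layout that puts the IPv4 protocol field at byte 27; the sample frames and rule 26 are constructed, and the time range is parsed but not evaluated.

```python
# Added example, not 3Com code. Assumption: offset is a byte index into an
# 802.1Q-tagged Ethernet II frame, so IPv4 protocol sits at 12+4+2+9 = 27.

def parse_rule(text):
    """Parse 'rule [id] permit|deny {string mask offset}... [time-range t]'."""
    words = text.split()
    if not words or words[0] != "rule":
        raise ValueError("not a rule command")
    words = words[1:]
    rule_id = int(words.pop(0)) if words and words[0].isdigit() else None
    action = words.pop(0) if words else ""
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    time_range = None
    if "time-range" in words:
        cut = words.index("time-range")
        time_range, words = words[cut + 1], words[:cut]
    if len(words) % 3 or not 1 <= len(words) // 3 <= 8:
        raise ValueError("need 1 to 8 rule-string/rule-mask/offset triples")
    triples = []
    for s, m, off in zip(words[0::3], words[1::3], words[2::3]):
        string, mask = bytes.fromhex(s), bytes.fromhex(m)
        if len(string) != len(mask):
            raise ValueError("rule-string and rule-mask differ in length")
        triples.append((string, mask, int(off)))
    return {"id": rule_id, "action": action,
            "time_range": time_range, "triples": triples}

def matches(rule, frame):
    """True if every masked rule-string equals the masked frame bytes."""
    for string, mask, off in rule["triples"]:
        window = frame[off:off + len(string)]
        short = len(window) < len(string)  # frame too short for this field
        if short or any((w ^ s) & m for w, s, m in zip(window, string, mask)):
            return False
    return True

def tagged_frame(ethertype, payload):
    """Constructed sample frame: zero MACs, 802.1Q tag (VLAN 1), payload."""
    return bytes(12) + bytes.fromhex("81000001") + ethertype + payload

def ipv4(proto):
    """Constructed 20-byte IPv4 header with the given protocol number."""
    return bytes.fromhex("450000280000400040") + bytes([proto]) + bytes(10)

RULE = parse_rule("rule 25 deny 06 ff 27 time-range t1")    # from the page
STRICT = parse_rule("rule 26 deny 0800 ffff 16 06 ff 27")   # hypothetical
TCP, UDP = tagged_frame(b"\x08\x00", ipv4(6)), tagged_frame(b"\x08\x00", ipv4(17))
OTHER = tagged_frame(b"\x88\xb5", bytes(9) + b"\x06" + bytes(10))  # not IPv4
```

In this model, rule 25 also matches the constructed non-IPv4 frame because it tests only byte 27. The hypothetical rule 26 adds an EtherType comparison at offset 16, which restricts the match to IPv4.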