3Com 8807 Configuration Manual page 175
8800 series
Hide thumbs
Also See for 8807:
- Command reference manual (1099 pages) ,
- Installation manual (104 pages) ,
- Product manual (15 pages)
Table of Contents
Advertisement
Table 152 Define advanced ACL
Operation
Delete an ACL rule
(advanced ACL view)
Delete an ACL or all ACLs
(system view)
c
CAUTION:
■
■
Defining Layer 2 ACLs
Layer 2 ACLs define the Layer 2 information such as source and destination MAC
addresses, source VLAN ID, and Layer 2 protocol type in their rules and process
packets according to these attributes.
Perform the following configurations in the specified view.
Table 153 Define Layer 2 ACLs
Operation
Enter Layer 2 ACL view
(system view)
Define an ACL rule (in
Layer 2 ACL view)
Delete an ACL rule (Layer 2
ACL view)
Delete an ACL or all ACLs
(system view)
Activating ACL
After defining an ACL, you must activate it. This configuration activates those
ACLs to filter or classify the packets forwarded by hardware.
For interface cards, perform the following configurations in Ethernet port view.
Table 154 Activate ACL
Operation
Activate IP group ACL
The port1 and port2 parameters in the command listed in Table 152 should be
TCP/UDP ports for higher-layer applications. For some common ports, you can
use mnemonic symbols to replace the corresponding port numbers. For
example, you can use "bgp" to represent TCP port 179, which is for BGP
protocol.
The rules with specified bt-flag cannot be used in the traffic-redirect
command.
Command
acl { number acl-number | name acl-name link } [ match-order {
config | auto } ]
rule [ rule-id ] { permit | deny } [ cos cos-value | c-tag-cos
c-cos-value | exp exp-value | protocol-type | mac-type {
any-broadcast-packet | arp-broadcast-packet |
non-arp-broadcast-packet | { { unicast-packet |
multicast-packet } [ known | unknown ] } } | ingress { {
source-vlan-id [ to source-vlan-id-end ] | source-mac-addr
source-mac-wildcard | c-tag-vlan c-tag-vlanid }* | any } | egress {
dest-mac-addr dest-mac-wildcard | any } | s-tag-vlan s-tag-vlanid
| time-range name ]*
undo rule rule-id
undo acl { number acl-number | name acl-name | all }
Command
undo rule rule-id [ source | destination | source-port |
destination-port | icmp-type | precedence | tos | dscp |
fragment | bt-flag | time-range | vpn-instance ]*
undo acl { number acl-number | name acl-name | all }
Command
packet-filter inbound ip-group { acl-number |
acl-name } [ rule rule [ system-index index ] ]
ACL Configuration Tasks
175
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the 8807 and is the answer not in the manual?
Questions and answers