Rule (In Ethernet Frame Header Acl View) - 3Com S7906E Command Reference Manual

With the undo rule command, if no parameters are specified, the entire ACL rule is removed; if other
parameters are specified, only the involved information is removed.
Note that:
You will fail to create or modify a rule if its permit/deny statement is exactly the same as another
rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL
rules.
When defining ACL rules, you need not assign them IDs. The system can automatically assign rule
IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is greater
than the current highest rule ID. For example, if the rule numbering step is five and the current
highest rule ID is 28, the next rule will be numbered 30.
You may use the display acl command to verify rules configured in an ACL. If the match order for
this ACL is auto, rules are displayed in the depth-first order rather than by rule number.
For an advanced IPv4 ACL to be referenced by a QoS policy for traffic classification:
The logging, reflective and vpn-instance keywords are not supported.
The operator cannot be neq if the ACL is for the inbound traffic.
The operator cannot be gt, lt, neq, or range if the ACL is for the outbound traffic.
Examples
# Define a rule to permit the TCP packets to pass with the destination port 80 sent from 129.9.0.0 to
202.38.160.0.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0
0.0.0.255 destination-port eq 80

rule (in Ethernet frame header ACL view)

Syntax
rule [ rule-id ] { deny | permit } [ cos vlan-pri | dest-mac dest-addr dest-mask | lsap lsap-code
lsap-wildcard | source-mac sour-addr source-mask | time-range time-range-name | type type-code
type-wildcard ] *
undo rule rule-id
View
Ethernet frame header ACL view
Default Level
2: System level
Parameters
rule-id: Ethernet frame header ACL rule number in the range 0 to 65534.
1-17