3Com 5500-EI PWR Install Manual page 652

A user-defined ACL can be numbered from 5000 to 5999.
Configuration prerequisites
To configure a time range-based user-defined ACL rule, you need to define the
corresponding time ranges first. For information about time range configuration, refer to
Configuring Time
Configuration procedure
Follow these steps to define a user-defined ACL rule:
To do...
Enter system view
Create a user-defined
ACL and enter
user-defined ACL
view
Define an ACL rule
Define a comment for
the ACL rule
Define a description
for the ACL
When configuring a rule that matches specific fields of packets, take the following two
items into account:
If VLAN-VPN is not enabled, each packet in the switch carries one VLAN tag, which is
4 bytes long.
If VLAN-VPN is enabled on a port, each packet in the switch carries two VLAN tags,
which is 8 bytes long.
Note that:
You can modify any existent rule of a user-defined ACL. If you modify only the time
range and/or action, the unmodified parts of the rule remain the same. If you modify the
rule-string rule-mask offset combinations, however, the new combinations will replace
all of the original ones.
If you do not specify the rule-id argument when creating an ACL rule, the rule will be
numbered automatically. If the ACL has no rules, the rule is numbered 0; otherwise, the
number of the rule will be the greatest rule number plus one. If the current greatest rule
Range.
Use the command...
system-view
acl number acl-number
rule [ rule-id ] { permit | deny }
[ rule-string rule-mask offset ]
&<1-8> [ time-range time-name ]
rule rule-id comment text
description text
1-10
Remarks
—
Required
Required
For information about
rule-string, refer to ACL
Commands.
Optional
No description by default
Optional
No description by default