3Com 5500-EI PWR Reference Manual page 763

Protocol
RARP
IP
IPX
AppleTalk
ICMP
IGMP
TCP
UDP
Examples
# Create user-defined ACL 5000 and define rule 1 to deny all TCP packets (it is assumed that no port is
enabled with the VLAN-VPN function). In the following rule command line, 06 is the protocol number of
TCP, ff is the rule mask, and 27 is the offset of the protocol field in an IP packet that the switch
processes internally.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] acl number 5000
[Sysname-acl-user-5000] rule 1 deny 06 ff 27
[Sysname-acl-user-5000] quit
# Create user-defined ACL 5001 and define rule 1 to deny ARP packets sourced from 192.168.0.1 (it is
assumed that no port is enabled with the VLAN-VPN function). In the following rule command line,
0806 is the protocol number of ARP, 16 is the offset of the protocol field in an Ethernet packet that the
switch processes internally, c0a80001 is the representation of 192.168.0.1 in hexadecimal, and 32 is
the offset of the source IP address field in an ARP packet that the switch processes internally.
[Sysname] acl number 5001
[Sysname-acl-user-5001] rule 1 deny 0806 ffff 16 c0a80001 ffffffff 32
[Sysname-acl-user-5001] quit
# Create user-defined ACL 5002 and define rule 1, specifying a 32-byte rule string, a rule mask of all Fs,
and an offset of 4. Then, apply the ACL to Ethernet 1/0/1.
[Sysname] acl number 5002
[Sysname-acl-user-5002] rule 1 deny
1234567890123456789012345678901234567890123456789012345678901234
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 4
[Sysname-acl-user-5002] quit
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] packet-filter inbound user-group 5002
Protocol number
in hexadecimal
0x8035
0x0800
0x8137
0x809B
0x01
0x02
0x06
0x11
Offset when VLAN-VPN is
not enabled on any port
16
16
16
16
27
27
27
27
1-24
Offset when VLAN-VPN is
enabled on a port
20
20
20
20
31
31
31
31