Configuring an Advanced IPv4 ACL; Configuration Prerequisites; Configuration Procedure - 3Com 4500G Family Configuration Manual

<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0
# Verify the configuration.
[Sysname-acl-basic-2000] display acl 2000
Basic ACL
2000, named -none-, 1 rule,
ACL's step is 5
rule 0 deny source 1.1.1.1 0 (5 times matched)

Configuring an Advanced IPv4 ACL

Advanced IPv4 ACLs match packets based on source IP address, destination IP address, protocol
carried over IP, and other protocol header fields, such as the TCP/UDP source port number, TCP/UDP
destination port number, TCP flag, ICMP message type, and ICMP message code.
In addition, advanced IPv4 ACLs allow you to filter packets based on three priority criteria: type of
service (ToS), IP precedence, and differentiated services codepoint (DSCP) priority.
Advanced IPv4 ACLs are numbered in the range 3000 to 3999. Compared with basic IPv4 ACLs, which match on
source address only, they allow more flexible and precise filtering.

Configuration Prerequisites

If you want to reference a time range in a rule, define it with the time-range command first.

Configuration Procedure

Follow these steps to configure an advanced IPv4 ACL:

Step 1. Enter system view.
    Command: system-view

Step 2. Create an advanced IPv4 ACL and enter its view (required).
    Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
    Remarks: The default match order is config. If you specify a name for an IPv4 ACL when creating
    the ACL, you can use the acl name acl-name command to enter the view of the ACL later.

Step 3. Create or modify a rule (required).
    Command: rule [ rule-id ] { deny | permit } protocol [ { established | { ack ack-value |
    fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * } |
    destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] |
    dscp dscp | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging |
    precedence precedence | reflective | source { sour-addr sour-wildcard | any } |
    source-port operator port1 [ port2 ] | time-range time-range-name | tos tos ] *
    Remarks: To create or modify multiple rules, repeat this step.
    Note that the reflective keyword is not supported.
    Note that if the ACL is to be referenced by a QoS policy for traffic classification, the
    logging keyword is not supported and the operator argument cannot be neq.
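A worked configuration that follows the three steps above, added here as an example and not taken from the manual or from 3Com. It builds an advanced ACL that admits SSH to the switch management address from one subnet during working hours, permits return traffic of established TCP sessions, allows ICMP echo, drops and logs Telnet, and drops everything else. The ACL number 3000, the name mgmt-filter, the time-range name work-hours, and the addresses 10.1.1.0/24 and 10.1.1.254 are constructed for the example; the argument format of the time-range command (start time to end time followed by a day keyword) is assumed from the Comware CLI, since this page only names the command.

```text
# Prerequisite: define the time range the SSH rule will reference.
# Argument format assumed (not shown on this page): start-time to end-time days.
<Sysname> system-view
[Sysname] time-range work-hours 08:00 to 18:00 working-day

# Step 2: create advanced ACL 3000 with a name. match-order config keeps the
# rules in the order they are entered, so the first matching rule wins and
# the explicit deny must come last.
[Sysname] acl number 3000 name mgmt-filter match-order config

# Step 3: add rules. Rule IDs are given explicitly in multiples of the ACL
# step (5) so a rule can later be inserted between two existing ones; omit
# rule-id and the switch assigns the next free one.
# Wildcard masks are inverse masks: 0 means every address bit must match,
# 0.0.0.255 means any host in the /24.

# Non-initial fragments carry no TCP/UDP header for the port rules below to
# inspect, so drop them first instead of letting them pass on a port match.
[Sysname-acl-adv-3000] rule 0 deny ip fragment
# Return traffic of TCP sessions already set up (ACK or RST flag set).
[Sysname-acl-adv-3000] rule 5 permit tcp established
# SSH to the management address from the management subnet, working hours only.
[Sysname-acl-adv-3000] rule 10 permit tcp source 10.1.1.0 0.0.0.255 destination 10.1.1.254 0 destination-port eq 22 time-range work-hours
# ICMP echo request (type 8, code 0) and echo reply (type 0, code 0), given by
# type and code rather than by message name.
[Sysname-acl-adv-3000] rule 15 permit icmp icmp-type 8 0
[Sysname-acl-adv-3000] rule 20 permit icmp icmp-type 0 0
# Telnet is cleartext: deny it from any source and record the matches.
[Sysname-acl-adv-3000] rule 25 deny tcp destination-port eq 23 logging
# Explicit catch-all deny at the end of the list.
[Sysname-acl-adv-3000] rule 30 deny ip

# Verify: lists the rules in match order with their hit counters, in the same
# form as the basic ACL example above.
[Sysname-acl-adv-3000] display acl 3000
```

Two caveats from the remarks column apply to this rule set. Rule 25 uses logging and eq, so the ACL can be referenced by a packet filter but not by a QoS policy for traffic classification; for a QoS policy, drop the logging keyword and never use neq as the operator. Defining the ACL only describes the traffic; applying it to an interface or policy is a separate step that this page does not cover.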
