3Com Switch 4800G 24-Port Configuration Manual page 843

n
c
Configuration Examples
To do...
Create and enter basic
IPv4 ACL view
Create or modify a rule
Set a rule numbering
step
Create an IPv4 ACL
description
Create a rule description rule rule-id comment text
You will fail to create or modify a rule if its permit/deny statement is exactly the
■
same as another rule. In addition, if the ACL match order is set to auto rather
than config, you cannot modify ACL rules.
You may use the display acl command to verify rules configured in an ACL. If
■
the match order for this ACL is auto, rules are displayed in the depth-first
match order rather than by rule number.
CAUTION:
You can modify the match order of an ACL with the acl number acl-number
■
[ name acl-name ] match-order { auto | config } command but only when it
does not contain any rules.
The rule specified in the rule comment command must have existed.
■
# Create IPv4 ACL 2000 to deny the packets with source address 1.1.1.1 to pass.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0
# Verify the configuration.
[Sysname-acl-basic-2000] display acl 2000
Basic ACL 2000, named -none-, 1 rule,
ACL's step is 5
rule 0 deny source 1.1.1.1 0
Use the command...
acl number acl-number
[ name acl-name ]
[ match-order { auto |
config } ]
rule [ rule-id ] { deny |
permit } [ fragment |
logging | source { sour-addr
sour-wildcard | any } |
time-range time-name ] *
step step-value
description text
Configuring a Basic IPv4 ACL
Remarks
Required
The default match order is config.
If you specify a name for an IPv4
ACL when creating the ACL, you can
use the acl name acl-name
command to enter the view of the
ACL later.
Required
To create multiple rules, repeat this
step.
Note that the logging keyword is
not supported if the ACL is to be
referenced by a QoS policy for traffic
classification.
Optional
The default step is 5.
Optional
By default, no IPv4 ACL description
is present.
Optional
By default, no rule description is
present.
843