Configuring an Advanced IPv4 ACL - 3Com Switch 4800G 24-Port Configuration Manual


Chapter 63: IPv4 ACL Configuration

Configuring an Advanced IPv4 ACL

Advanced IPv4 ACLs filter packets based on source IP address, destination IP
address, protocol carried on IP, and other protocol header fields, such as the
TCP/UDP source port, TCP/UDP destination port, ICMP message type, and ICMP
message code.

In addition, advanced IPv4 ACLs allow you to filter packets based on three priority
criteria: type of service (ToS), IP precedence, and differentiated services codepoint
(DSCP) priority.

Advanced IPv4 ACLs are numbered in the range 3000 to 3999. Compared with
basic IPv4 ACLs, they allow more flexible and accurate filtering.

Configuration Prerequisites

If you want to reference a time range in a rule, define it with the time-range
command first.

Configuration Procedure

Follow these steps to configure an advanced IPv4 ACL:
To do: Enter system view
Use the command: system-view
Remarks: --

To do: Create and enter advanced IPv4 ACL view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. The default match order is config. If you specify a name for an IPv4 ACL when creating the ACL, you can use the acl name acl-name command to enter the view of the ACL later.

To do: Create or modify a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | established | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-name | tos tos ] *
Remarks: Required. To create multiple rules, repeat this step. Note that if the ACL is to be referenced by a QoS policy for traffic classification, the logging and reflective keywords are not supported and the operator argument cannot be:
- neq, if the policy is for the inbound traffic,
- gt, lt, neq or range, if the policy is for the outbound traffic.

To do: Set a rule numbering step
Use the command: step step-value
Remarks: Optional. The default step is 5.

To do: Create an IPv4 ACL description
Use the command: description text
Remarks: Optional. By default, no IPv4 ACL description is present.

To do: Create a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, no rule description is present.
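
The QoS restrictions stated in the remarks for the rule step can be checked against a rule set before the ACL is referenced by a QoS policy. The following Python check is an added example, not part of the 3Com manual; the function names and the sample rules are constructed for illustration, and it inspects only the keywords and port operators named on this page.

```python
# Restrictions from the Remarks column for ACLs referenced by a QoS policy.
QOS_BANNED_KEYWORDS = {"logging", "reflective"}
QOS_BANNED_OPERATORS = {"inbound": {"neq"}, "outbound": {"gt", "lt", "neq", "range"}}
PORT_KEYWORDS = {"source-port", "destination-port"}


def qos_violations(rule_line, direction):
    """List the reasons a rule command cannot be used for QoS classification."""
    banned_ops = QOS_BANNED_OPERATORS[direction]  # KeyError on an unknown direction
    tokens = rule_line.split()
    if not tokens or tokens[0] != "rule":
        raise ValueError("not a rule command: %r" % rule_line)
    # 'rule rule-id comment text' carries free text, not match criteria.
    if len(tokens) > 2 and tokens[2] == "comment":
        return []
    problems = []
    for i, tok in enumerate(tokens):
        if tok in QOS_BANNED_KEYWORDS:
            problems.append("keyword '%s' is not supported" % tok)
        elif tok in PORT_KEYWORDS and i + 1 < len(tokens):
            if tokens[i + 1] in banned_ops:
                problems.append("%s operator '%s' is not allowed for %s traffic"
                                % (tok, tokens[i + 1], direction))
    return problems


def audit(rule_lines, direction):
    """Map each offending rule line to its violations; clean rules are omitted."""
    report = {}
    for line in rule_lines:
        problems = qos_violations(line, direction)
        if problems:
            report[line] = problems
    return report


# Constructed sample rules (addresses and ports are illustrative only).
SAMPLE_RULES = [
    "rule 0 permit tcp source 192.168.10.0 0.0.0.255 destination-port eq 443",
    "rule 5 permit udp destination-port range 5060 5061",
    "rule 10 deny tcp destination-port neq 22 logging",
    "rule 10 comment logging kept for audit",
]

if __name__ == "__main__":
    for direction in ("inbound", "outbound"):
        print(direction, audit(SAMPLE_RULES, direction))
```
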
