3Com Switch 4500 26-Port Configuration Manual page 133

Switch 4500 family 26-port, 50-port, pwr 26-port, pwr 50-port

If an ACL is used to filter or classify data transmitted by the hardware of the
Switch, the match order defined in the acl command does not take effect. If an
ACL is used to filter or classify data handled by the software of the Switch,
the match order of the ACL's sub-rules does take effect. Once the user has
specified the match-order of an ACL rule, it cannot be modified later.
The default match-order of an ACL is config, that is, sub-rules are matched in
the order in which the user configured them.
Define Basic ACL
The rules of a basic ACL classify data packets on the basis of the Layer-3
source IP address.
Use the following commands to define a basic ACL.
Perform the following configuration in the corresponding view.
Table 128 Define Basic ACL

Operation: Enter basic ACL view (from System View)
Command: acl number acl_number [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from Basic ACL View)
Command: rule [ rule_id ] { permit | deny } [ source { source_addr wildcard | any } | fragment ]*

Operation: Delete a sub-item from the ACL (from Basic ACL View)
Command: undo rule rule_id [ source | fragment ]*

Operation: Delete one ACL or all ACLs (from System View)
Command: undo acl { number acl_number | all }

Define Advanced ACL
The rules of an advanced ACL classify data packets on the basis of attributes
such as source and destination IP address, the TCP or UDP port number in use,
and packet priority. The advanced ACL supports the analysis of three types of
packet priority: ToS (Type of Service), IP and DSCP priorities.
Use the following commands to define an advanced ACL.
Perform the following configuration in the corresponding view.

Table 129 Define Advanced ACL

Operation: Enter advanced ACL view (from System View)
Command: acl number acl_number [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from Advanced ACL View)
Command: rule [ rule_id ] { permit | deny } protocol [ source { source_addr wildcard | any } ] [ destination { dest_addr wildcard | any } ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ] [ [ { precedence precedence tos tos | dscp dscp vpn-instance instance ] fragment ]*
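
The following is an added example, not taken from the manual, that models how the match-order option and the source_addr wildcard form of basic ACL sub-rules decide which rule a packet hits when the ACL is processed in software. The rule set and function names are constructed for illustration, and "auto" is modelled as most-specific-rule-first, which is an assumption the page does not state.

```python
import ipaddress

# Constructed basic ACL sub-rules: (rule_id, action, source_addr, wildcard).
# A wildcard bit of 1 means "ignore this bit" (inverse mask).
RULES = [
    (0, "permit", "10.1.0.0", "0.0.255.255"),  # a /16 range
    (1, "deny", "10.1.5.0", "0.0.0.255"),      # a /24 inside that range
    (2, "deny", "10.1.5.77", "0.0.0.0"),       # one host inside the /24
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _care(rule):
    """Bits of the source address that the rule actually compares."""
    return ~_ip(rule[3]) & 0xFFFFFFFF

def matches(rule, src):
    return (_ip(src) & _care(rule)) == (_ip(rule[2]) & _care(rule))

def ordered(rules, match_order="config"):
    if match_order == "config":
        return list(rules)  # order in which the user configured the rules
    if match_order == "auto":
        # Assumption: most specific rule (fewest ignored bits) first;
        # sorted() is stable, so ties keep their configured order.
        return sorted(rules, key=lambda r: bin(_ip(r[3])).count("1"))
    raise ValueError(f"unknown match order: {match_order}")

def evaluate(rules, src, match_order="config"):
    """Return (action, rule_id) of the first matching rule, or ("no-match", None)."""
    for rule in ordered(rules, match_order):
        if matches(rule, src):
            return rule[1], rule[0]
    return "no-match", None

def shadowed(rules, match_order="config"):
    """Ids of rules that can never fire because an earlier rule covers them."""
    seq, hidden = ordered(rules, match_order), []
    for i, late in enumerate(seq):
        for early in seq[:i]:
            covers = (_care(early) & ~_care(late) & 0xFFFFFFFF) == 0
            if covers and matches(early, late[2]):
                hidden.append(late[0])
                break
    return hidden

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, evaluate(RULES, "10.1.5.77", order), shadowed(RULES, order))
```

In config order the broad permit entered first hides both deny rules, so listing shadowed sub-rules before applying an ACL is a useful review step.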