H3C S3100 Series Command Manual page 551

Command Manual (For Soliton) – ACL
H3C S3100 Series Ethernet Switches
deny: Drops the matched packets.
permit: Permits the matched packets.
rule-string: ACL rule information, which can be a combination of the parameters
described in
Table 1-6 Parameters for basic IPv4 ACL rules
Parameters
source { sour-addr
sour-wildcard | any }
fragment
time-range
time-name
Note:
sour-wildcard is the complement of the wildcard mask of the source subnet mask. For
example, you need to input 0.0.255.255 to specify the subnet mask 255.255.0.0.
II. Parameters of the undo rule command
rule-id: Rule ID, which must the ID of an existing ACL rule. You can obtain the ID of an
ACL rule by using the display acl command.
fragment: Removes the settings concerning non-tail fragments in the ACL rule.
source: Removes the settings concerning source address in the ACL rule.
time-range: Removes the settings concerning time range in the ACL rule.
Note:
When you assign basic ACLs to the hardware for packet filtering, the fragment
keyword is not supported on a H3C S3100 Series Ethernet switch.
Table 1-6.
Function
Specifies a source
address.
Indicates that the rule
applies only to non-tail
fragments.
Specifies the time range
in which the rule takes
effect.
Chapter 1 ACL Configuration Commands
The sour-addr sour-wildcard
argument specifies a source IP
address in dotted decimal
notation. Setting the wildcard to a
zero indicates a host address.
The any keyword indicates any
source IP address.
––
time-name: specifies the name of
the time range in which the rule is
active; a string comprising 1 to 32
characters.
1-12
Description