H3C S3100 Series Command Manual page 565

Command Manual (For Soliton) – ACL
H3C S3100 Series Ethernet Switches
Arguments rule-string and rule-mask indicate the content string and mask and consist
of two hexadecimal numbers respectively.
time-range time-name: Specifies the time range in which the rule takes effect.
time-name indicates the name of a time range and must be a case-insensitive string of
1 to 32 characters that starts with an English letter. To avoid confusion, it cannot be all.
Description
Use the rule command to define an ACL rule.
Use the undo rule command to remove an ACL rule.
To remove an ACL rule, you need to specify the number of the ACL rule. You can use
the display acl command to view the number of an ACL rule.
Note that:
- You can modify any existing rule of an IPv6 ACL. If you modify only the action to be taken or the time range, the unmodified part of the rule remains the same. If you modify the contents of a user-defined string, the new string overwrites the original one.
- If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered automatically. If the ACL has no rules, the rule is numbered 0; otherwise, the number of the rule will be the greatest rule number plus one. If the current greatest rule number is 65534, however, the system will display an error message and you need to specify a number for the rule.
- The content of a modified or created rule cannot be identical to the content of any existing rule of the ACL; otherwise the rule modification or creation will fail, and the system prompts that the rule already exists.
- To specify the src-port or dest-port keyword for a rule, you need to specify the ip-protocol rule-string rule-mask combination as TCP or UDP, that is, 0x06 or 0x11. To specify the icmpv6-type or icmpv6-code keyword for a rule, you need to specify the ip-protocol rule-string rule-mask combination as ICMPv6, that is, 0x3a.
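The constraints listed above, written as a check to run over planned rules before they are entered on the switch. This is an added example, not code from the H3C manual; the dict-based rule model, the function names and the use of a full 0xff mask to mean an exact protocol match are assumptions, and it models rule creation only, not modification.

```python
MAX_RULE_ID = 65534  # greatest rule number named in the manual
TCP, UDP, ICMPV6 = 0x06, 0x11, 0x3A  # ip-protocol values given in the manual
EXACT_MASK = 0xFF  # assumption: a full mask selects exactly one protocol

def valid_time_name(name):
    """1 to 32 characters, starts with an English letter, and is not 'all'."""
    return (1 <= len(name) <= 32 and name[0].isascii() and name[0].isalpha()
            and name.lower() != "all")

def check_rule(rule):
    """Return the list of manual constraints that a rule dict violates."""
    problems = []
    string, mask = rule.get("ip_protocol", (None, None))
    proto = string if mask == EXACT_MASK else None
    if ("src_port" in rule or "dest_port" in rule) and proto not in (TCP, UDP):
        problems.append("src-port/dest-port need ip-protocol 0x06 or 0x11")
    if ("icmpv6_type" in rule or "icmpv6_code" in rule) and proto != ICMPV6:
        problems.append("icmpv6-type/icmpv6-code need ip-protocol 0x3a")
    name = rule.get("time_range")
    if name is not None and not valid_time_name(name):
        problems.append("invalid time-range name: %r" % name)
    return problems

def next_rule_id(acl):
    """Automatic numbering: 0 for an empty ACL, else greatest number plus one."""
    if not acl:
        return 0
    if max(acl) >= MAX_RULE_ID:
        raise ValueError("automatic numbering exhausted; specify rule-id")
    return max(acl) + 1

def add_rule(acl, rule, rule_id=None):
    """Create a rule in acl (dict: rule number -> rule dict); return its number."""
    problems = check_rule(rule)
    if problems:
        raise ValueError("; ".join(problems))
    if rule in acl.values():
        raise ValueError("the rule already exists")
    if rule_id is None:
        rule_id = next_rule_id(acl)
    acl[rule_id] = dict(rule)
    return rule_id

if __name__ == "__main__":
    acl = {}  # constructed sample rules, not taken from the manual
    telnet = {"action": "deny", "ip_protocol": (TCP, EXACT_MASK), "dest_port": 23}
    print(add_rule(acl, telnet))
    print(check_rule({"action": "deny", "dest_port": 23}))
```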
Note:
Note the following when assigning an IPv6 ACL to the hardware on H3C S3100 Series
Ethernet switches:
- IPv6 ACLs do not match IPv6 packets with extension headers.
- Do not use IPv6 ACLs with VLAN mapping and trusted port priority.
Example
# Configure a rule for IPv6 ACL 5000, denying packets from 3001::1/64 to 3002::1/64.
Chapter 1 ACL Configuration Commands
1-26
