3Com Switch 4500 Family Manual page 491

Hide thumbs Also See for Switch 4500 Family:

Table of Contents

&<1-8>: At most eight rules can be defined at one time.

time-range time-name: Specifies a time range within which the ACL rule is valid.

Use the rule command to define an ACL rule.

Use the undo rule command to remove an ACL rule.

To remove an ACL rule using the undo rule command, you need to provide the ID of the ACL rule. You

can obtain the ID of an ACL rule by using the display acl command.

You can modify any existent rule of a user-defined ACL. If you modify only the time range and/or

action, the unmodified parts of the rule remain the same. If you modify the rule-string rule-mask

offset combinations, however, the new combinations will replace all of the original ones.

If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered

automatically. If the ACL has no rules, the rule is numbered 0; otherwise, the number of the rule will

be the greatest rule number plus one. If the current greatest rule number is 65534, however, the

system will display an error message and you need to specify a number for the rule.

The content of a modified or created rule cannot be identical with the content of any existing rules;

otherwise the rule modification or creation will fail, and the system prompts that the rule already

When specifying the offset, take the following two items into account:

If VLAN-VPN is not enabled on any port, each packet in the switch carries one VLAN tag, which is

four bytes long.

If VLAN-VPN is enabled on a port, each packet in the switch carries two VLAN tags, which occupy

eight bytes.

Frequently used protocol types and offsets are listed in the following table.

Table 1-17 Frequently used protocol types and offsets

Protocol number

in hexadecimal

Offset when VLAN-VPN is

not enabled on any port

Offset when VLAN-VPN is

enabled on a port

Chapters

Table of Contents

4500 26-port 4500 50-port 4500 pwr 26-port