Configuring Advanced Acl - 3Com 4500 PWR 26-Port Configuration Manual
Hide thumbs
Also See for 4500 PWR 26-Port:
- Manual (942 pages) ,
- Configuration manual (870 pages) ,
- Getting started manual (128 pages)
Table of Contents
Advertisement
With the config match order specified for the basic ACL, you can modify any existent rule. The
unmodified part of the rule remains. With the auto match order specified for the basic ACL, you
cannot modify any existent
If you do not specify
automatically. If the ACL has no rules, the rule is numbered 0; otherwise, the numb
be the greatest rule n
system will tell you that the
The content of a modified or created rule cannot be identical
otherwise the rule modification or creation will fa
exists.
With the auto match order specified, the new
depth-first principle, but
C
onfiguration example
# Configure ACL 2000 to deny
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 192.168.0.1 0
# Display the configuration
[Sysname-acl-basic-2000] display acl 2000
Basic ACL
2000, 1 rule
Acl's step is 1
rule 0 deny source 192.168.0.1 0
Configuring Advanced ACL
An advanced ACL can filter pa
by IP, and protocol-specific features such as TCP/UDP source and destination ports, ICMP message
type and message code.
An advanced ACL can be numbered from 3000 to 3999. Note that ACL 3998 and ACL 3999 cannot be
configured because they are reserved for cluster management.
Advanced ACLs support analysis and processing of three packet priority levels: type of service (ToS)
priority, IP priority and differ
Using advanced ACLs, you can define classification r
more flexible
than thos
Configuration prerequisites
To configure a time range-b
ranges first. For informat
The settings to be specified in the rule, such as source and destination IP addresses, the protocols
carried by IP, and protocol-specific features, are determined.
rule; otherwise the system will tell you that the rule cannot be modified.
the rule-id argument when creating an ACL rule, the rule will be numbered
umber plus one. If the current greatest rule number is 65534, however, the
rule cannot be created and you need to specify a number for the rule.
the numbers of the existent rules are unaltered.
packets whose source IP addresses are 192.168.0.1.
information of ACL 2000.
ckets by their source and destination IP addresses, the protocols carried
entiated services codepoint (DSCP).
e defined for basi
c ACLs.
as
ed advanced ACL rule, y
ion ab
out of time range config
44-6
with the content of any existing rule;
il, and the system prompts that the rule already
ly created rules will be inserted in the existent ones by
ules that are more accurate, more abundant, and
ou need to create the corresponding time
uration, re
fer to
er of the rule will
Configuring T
ime Range
.
- Quick Links:
- User Control
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
