Configure Firewall 555

Configuring Standard Access Control List

The value of the standard access control list is an integer from 1 to 99. First, enter the ACL view through the acl command and configure the match sequence of the access control list, then configure specific access rules through the rule command. If the match sequence is not configured, auto mode is used.

Perform the following configurations in system view and ACL view.

Table 622 Configure Standard Access Control List

Operation: Enter the ACL view and configure the match sequence of access control list
Command: acl acl-number [ match-order config | auto ]

Operation: Configure standard access list rule
Command: rule { normal | special }{ permit | deny } [ source source-addr source-wildcard | any ]

Operation: Delete specific access list rule
Command: undo rule { rule-id | normal | special }

Operation: Delete access list
Command: undo acl { acl-number | all }

normal means that the rule takes effect during the normal time range, while special means that the rule takes effect during the special time range. Users must set the special time segment when using special. Multiple rules with the same serial number will be matched according to the “depth-first” command.

By default, normal is adopted.
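The effect of the match sequence on a standard ACL, as an added example that is not taken from the 3Com manual: this Python sketch evaluates a constructed rule set in config order and in auto order, and lists rules that can never fire. It assumes that auto means depth-first ordering by narrowest source-wildcard range and that the first matching rule wins; the rule set and all function names are illustrative.

```python
import ipaddress

# Constructed standard-ACL rules in the order an operator typed them:
# (action, source-addr, source-wildcard); "any" is 0.0.0.0 255.255.255.255.
RULES = [
    ("permit", "10.1.0.0", "0.0.255.255"),
    ("deny",   "10.1.5.0", "0.0.0.255"),
    ("deny",   "0.0.0.0",  "255.255.255.255"),
]

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(src, addr, wildcard):
    """Wildcard bit 0 = must match, 1 = don't care (inverse of a netmask)."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(src) & care) == (_u32(addr) & care)

def ordered(rules, match_order):
    """config keeps the typed order; auto is modelled as depth-first,
    i.e. fewest don't-care bits (narrowest source range) first.
    Assumption: the device's auto mode sorts this way."""
    if match_order == "config":
        return list(rules)
    if match_order == "auto":
        return sorted(rules, key=lambda r: bin(_u32(r[2])).count("1"))
    raise ValueError("match-order must be 'config' or 'auto'")

def verdict(src, rules, match_order):
    """First matching rule wins; None means no rule matched."""
    for action, addr, wildcard in ordered(rules, match_order):
        if matches(src, addr, wildcard):
            return action
    return None

def shadowed(rules, match_order):
    """Rules that can never fire because an earlier rule covers their range."""
    seq, dead = ordered(rules, match_order), []
    for i, (_, addr, wc) in enumerate(seq):
        for _, e_addr, e_wc in seq[:i]:
            # covered: earlier rule checks no bit this one ignores, and agrees
            if (_u32(wc) & ~_u32(e_wc) & 0xFFFFFFFF) == 0 and matches(addr, e_addr, e_wc):
                dead.append(seq[i])
                break
    return dead

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, verdict("10.1.5.20", RULES, order), shadowed(RULES, order))
```

With these constructed rules, config order lets the broad permit shadow the narrower deny for 10.1.5.0, while the modelled auto order evaluates the narrower deny first.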

Configuring Extended Access Control List

The value of the extended access control list is an integer from 100 to 199. First, enter the ACL view through the acl command and configure the match sequence of the access control list, then configure specific access rules through the rule command. If the match sequence is not configured, auto mode is used.

Perform the following configurations in system view and ACL view.

Table 623 Configure Extended Access Control List

Operation: Enter the ACL view and configure the match sequence of access control list
Command: acl acl-number [ match-order config | auto ]

Operation: Configure extended access control list rule of TCP/UDP protocol
Command: rule { normal | special }{ permit | deny } { tcp | udp } [ source source-addr source-wildcard | any ] [ source-port operator port1 [ port2 ] ] [ destination dest-addr dest-wildcard | any ] [ destination-port operator port1 [ port2 ] ] [ logging ]

Operation: Configure extended access control list rule of ICMP protocol
Command: rule { normal | special }{ permit | deny } ICMP [ source source-addr source-wildcard | any ] [ destination dest-addr dest-wildcard | any ] [ icmp-type icmp-type icmp-code ] [ logging ]

3Com 10014299 manual Configure Standard Access Control List, Configure Extended Access Control List