CHAPTER 22: ACL CONFIGURATION GUIDE
# Define ACL 5000 to deny any ARP packet whose source IP address is 192.168.0.1 from 8:00 to 18:00 every day (provided that
| [3Com] acl number 5000 |
| |
| |
| # Apply ACL 5000 to Ethernet 1/0/1. |
| [3Com] interface Ethernet 1/0/1 |
| |
Complete Configuration | # |
| acl number 5000 |
| rule 1 deny 0806 ffff 16 c0a80001 ffffffff 32 |
| # |
| interface Ethernet1/0/1 |
| |
| # |
| |
| # |
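The offsets 16 and 32 in rule 1 can be derived from the frame layout. The following is an added example, not part of the original guide: it assumes that each rule-string/rule-mask/offset triple matches when the frame bytes at that offset, ANDed with the mask, equal the rule string, and that each VLAN tag adds 4 bytes as the precautions state. The helper names and the sample frames are constructed for illustration.

```python
import struct

# Rule 1 of ACL 5000 as shown on the page: (rule-string, rule-mask, offset).
PAGE_RULE = [("0806", "ffff", 16), ("c0a80001", "ffffffff", 32)]

def arp_rule(src_ip, vlan_tags):
    """Derive the triples for 'ARP packet with this sender IP' when each
    frame carries `vlan_tags` VLAN tags of 4 bytes each (hypothetical helper)."""
    ethertype_off = 12 + 4 * vlan_tags        # dst MAC (6) + src MAC (6) + tags
    sender_ip_off = ethertype_off + 2 + 14    # EtherType (2) + ARP header (8) + sender MAC (6)
    ip_hex = bytes(int(o) for o in src_ip.split(".")).hex()
    return [("0806", "ffff", ethertype_off), (ip_hex, "ffffffff", sender_ip_off)]

def matches(frame, rule):
    """Assumed semantics: every triple must satisfy (frame & mask) == (string & mask)."""
    for string, mask, off in rule:
        s, m = bytes.fromhex(string), bytes.fromhex(mask)
        window = frame[off:off + len(s)]
        if len(window) < len(s):
            return False                      # frame too short to hold the field
        if any((w & k) != (b & k) for w, b, k in zip(window, s, m)):
            return False
    return True

def arp_frame(src_ip, vlan_tags):
    """Constructed sample: broadcast ARP request carrying `vlan_tags` tags (VLAN 1)."""
    sender_mac = bytes.fromhex("020000000001")
    macs = bytes.fromhex("ffffffffffff") + sender_mac
    tags = bytes.fromhex("81000001") * vlan_tags
    sender_ip = bytes(int(o) for o in src_ip.split("."))
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sender_mac
           + sender_ip + bytes(6) + bytes([192, 168, 0, 254]))
    return macs + tags + b"\x08\x06" + arp

if __name__ == "__main__":
    for tags in (1, 2):
        rule = arp_rule("192.168.0.1", tags)
        print(f"{tags} tag(s): rule 1 deny",
              " ".join(f"{s} {m} {o}" for s, m, o in rule))
        print("  page rule matches this frame:",
              matches(arp_frame("192.168.0.1", tags), PAGE_RULE))
```

With one VLAN tag the derived triples equal the rule on the page; with two tags the same fields sit 4 bytes later, so a rule written for one tag silently stops matching.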
Precautions | ■ Some functions and protocols configured on the device may occupy ACL rule |
| resources. The actual occupation varies with functions and protocols. |
| ■ For a Switch 5500, if |
| carries one VLAN tag which is 4 bytes long; If |
| each packet in the switch carries two VLAN tags, which are 8 bytes long. Pay |
| attention to the above information when configuring a rule that matches |
| specific fields of packets. |
| ■ For a Switch 5500G Ethernet switch, each packet in the switch carries two |
| VLAN tags, which are 8 bytes long. Pay attention to the above information |
| when configuring a rule that matches specific fields of packets. |
| ■ The command for defining a |
| permit } [ |
| where, |
| string, |
| ■ If you specify multiple rule strings in an ACL rule, the valid length of the rule |
| mask is 128 hexadecimal numerals (64 bytes). For example, assume that you |
| specify a rule string of aa and set its offset to 2. If you continue to specify a rule |
| string of bb, its offset must be in the range from 3 to 65 bytes. If you set the |
| offset of the rule string aa to 3, the offset of the rule string bb must be in the |
| range of 4 to 66 bytes, and so on. Note that the offset of the rule string bb |
| cannot be greater than 79 bytes. |
| ■ As shown in Table 2, the hardware rule of the Switch 5500/5500G logically |
| divides the rule mask offset of a |
| each of which is |
| are numbered from Offset1 to Offset8 |