
fragment: Indicates that the rule applies only to non-first fragments. Without this keyword, the rule applies to both fragments and non-fragments.

logging: Specifies to log matched packets. The log provides information about ACL rule number, whether packets are permitted or dropped, upper layer protocol that IP carries, source/destination address, source/destination port number, and number of packets.

source { sour-addr sour-wildcard | any }: Specifies a source address. The sour-addr sour-wildcard argument specifies a source IP address in dotted decimal notation. Setting the wildcard to zero indicates a host address. The any keyword indicates any source IP address.

time-range time-name: Specifies the time range in which the rule takes effect. The time-name argument specifies a time range name with 1 to 32 characters. It is case insensitive and must start with an English letter. To avoid confusion, this name cannot be all.

vpn-instance vpn-instance-name: Specifies a VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.

Description

Use the rule command to create a basic IPv4 ACL rule, or to modify the rule if it already exists.

Use the undo rule command to remove a basic IPv4 ACL rule or parameters from the rule.

With the undo rule command, if no parameters are specified, the entire ACL rule is removed; if other parameters are specified, only the involved information is removed.

You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.

When defining ACL rules, you need not assign them IDs. The system can automatically assign rule IDs, starting with 0 and increasing by the rule numbering step. A rule ID assigned this way is greater than the current highest rule ID. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30. For detailed information about step, refer to “step (for IPv4)” on page 2100 and “step (for IPv6)” on page 2116.

You may use the display acl command to verify rules configured in an ACL. If the match order for this ACL is auto, rules are displayed in the depth-first match order rather than by rule number.

Example

# Create a rule to deny packets with the source IP address 1.1.1.1.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0
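The following Python model is an added example, not part of the manual or of the device software. It shows how a source wildcard selects addresses, how automatic rule IDs follow the numbering step, and how an identical statement is rejected. The class and function names are hypothetical, the 10.0.0.0 rule is constructed, and evaluation assumes the config match order (rules checked in ascending rule ID).

```python
import ipaddress

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(packet_src, sour_addr, sour_wildcard):
    """Wildcard bits set to 0 must match; bits set to 1 are ignored."""
    care = ~_u32(sour_wildcard) & 0xFFFFFFFF
    return (_u32(packet_src) & care) == (_u32(sour_addr) & care)

def next_rule_id(existing_ids, step=5):
    """Smallest multiple of step above the highest ID (0 for an empty ACL)."""
    if not existing_ids:
        return 0
    return (max(existing_ids) // step + 1) * step

class BasicAcl:
    """Toy model of a basic IPv4 ACL in config match order (hypothetical class)."""
    def __init__(self, step=5):
        self.step = step
        self.rules = {}  # rule ID -> (action, sour_addr, sour_wildcard)

    def add_rule(self, action, sour_addr, sour_wildcard, rule_id=None):
        statement = (action, sour_addr, sour_wildcard)
        if statement in self.rules.values():
            raise ValueError("identical permit/deny statement already exists")
        if rule_id is None:
            rule_id = next_rule_id(self.rules, self.step)
        self.rules[rule_id] = statement
        return rule_id

    def evaluate(self, packet_src):
        """Return (rule ID, action) of the first match in ascending ID order."""
        for rule_id in sorted(self.rules):
            action, addr, wildcard = self.rules[rule_id]
            if wildcard_match(packet_src, addr, wildcard):
                return rule_id, action
        return None  # no rule matched; the outcome depends on where the ACL is applied

ANY = ("0.0.0.0", "255.255.255.255")  # every bit ignored, like the any keyword

def build_sample_acl():
    """Constructed rules: the page's host rule, an explicit ID 28, then an automatic ID."""
    acl = BasicAcl(step=5)
    acl.add_rule("deny", "1.1.1.1", "0.0.0.0")                   # wildcard 0: host address
    acl.add_rule("permit", "10.0.0.0", "0.0.0.255", rule_id=28)  # constructed subnet rule
    acl.add_rule("deny", *ANY)                                   # numbered 30 automatically
    return acl
```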

3Com MSR 50, MSR 30 manual 2093