Defining Advanced ACLs
205
Configuration
Preparation
Before configuring an ACL rule containing time range arguments, you need to
configure define the corresponding time ranges. For the configuration of time ranges,
refer to ?Advanced ACL.
The values of source and destination IP addresses, the type of protocol over IP, and
protocol-specific features in the rule have been defined.
Configuration Procedure
In the case that you specify the rule ID when defining a rule:
■
If the rule corresponding to the specified rule ID already exists, you will edit the
rule, and the modified part in the rule will replace the original content, while other
parts remain unchanged.
■
If the rule corresponding to the specified rule ID does not exists, you will create
and define a new rule.
■
The content of a modified or created rule must not be identical with the content
of any existing rule; otherwise the rule modification or creation will fail, and the
system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system
will assign an ID for the rule automatically.
rule-string
: rule information, which can be combination of the parameters given in
Table 175. Table 175 describes the specific parameters. You must configure the
protocol
argument in the rule information before you can configure other arguments.
Table 174
Configure an advanced ACL rule
Operation
Command
Description
Enter system view
system-view
-
Enter advanced ACL
view
acl number
acl-number
[
match-order
{
config
|
auto
} ]
By the default, the match order
is
config
Define an rule
rule
[
rule-id
] {
permit
|
deny
}
rule-string
Required
Define the comment
string of the ACL rule
rule
rule-id
comment
text
Optional
Define the description
information of the
ACL
description
text
Optional
Display ACL
information
display
acl
{
all
|
acl-number
}
Optional
The
display
command can be
executed in any view
Table 175
Rule information
Parameter
Type
Function
Description
protocol
Protocol type
Type of protocol
over IP
When expressed in numerals, the
value range is 1 to 255
When expressed with a name, the
value can be GRE, ICMP, IGMP, IP,
IPinIP, OSPF, TCP, and UDP
source
{
sour-addr
sour-wildcard
|
any
}
Source address
information
Specifies the source
address information
in the rule
sour-addr sour-wildcard
is used to
specify the source address of the
packet, expressed in dotted
decimal notation
any
represents any source address
Summary of Contents for 3CR17660-91
Page 10: ...8 CONTENTS ...
Page 14: ...4 ABOUT THIS GUIDE ...
Page 46: ...32 CHAPTER 5 LOGGING IN THROUGH WEB BASED NETWORK MANAGEMENT SYSTEM ...
Page 48: ...34 CHAPTER 6 LOGGING IN THROUGH NMS ...
Page 60: ...46 CHAPTER 9 VLAN CONFIGURATION ...
Page 64: ...50 CHAPTER 10 MANAGEMENT VLAN CONFIGURATION ...
Page 80: ...66 CHAPTER 13 GVRP CONFIGURATION ...
Page 98: ...84 CHAPTER 15 LINK AGGREGATION CONFIGURATION ...
Page 112: ...98 CHAPTER 18 MAC ADDRESS TABLE MANAGEMENT ...
Page 126: ...112 CHAPTER 19 LOGGING IN THROUGH TELNET ...
Page 162: ...148 CHAPTER 20 MSTP CONFIGURATION ...
Page 274: ...260 CHAPTER 29 IGMP SNOOPING CONFIGURATION ...
Page 276: ...262 CHAPTER 30 ROUTING PORT JOIN TO MULTICAST GROUP CONFIGURATION ...
Page 298: ...284 CHAPTER 33 SNMP CONFIGURATION ...
Page 304: ...290 CHAPTER 34 RMON CONFIGURATION ...
Page 338: ...324 CHAPTER 36 SSH TERMINAL SERVICES ...
Page 356: ...342 CHAPTER 38 FTP AND TFTP CONFIGURATION ...
Page 365: ...Information Center Configuration Example 351 S4200G terminal logging ...
Page 366: ...352 CHAPTER 39 INFORMATION CENTER ...
Page 378: ...364 CHAPTER 40 BOOTROM AND HOST SOFTWARE LOADING ...
Page 384: ...370 CHAPTER 41 Basic System Configuration and Debugging ...
Page 388: ...374 CHAPTER 43 NETWORK CONNECTIVITY TEST ...
Page 406: ...392 CHAPTER 45 CONFIGURATION OF NEWLY ADDED CLUSTER FUNCTIONS ...