Command Manual – ACL
H3C S7500E Series Ethernet Switches
Chapter 1 ACL Configuration Commands
insensitive and must start with an English letter. To avoid confusion, this name cannot
be all.
vpn-instance vpn-instance-name: Specifies a VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Without this combination, the rule applies to only non-VPN packets.
Description
Use the rule command to create a basic IPv4 ACL rule or modify the rule if it already exists.
Use the undo rule command to remove a basic IPv4 ACL rule or parameters from the rule.
With the undo rule command, if no parameters are specified, the entire ACL rule is removed; if other parameters are specified, only the involved information is removed.
Note that:
- You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
- When defining ACL rules, you need not assign them IDs. The system can automatically assign rule IDs, starting with 0 and increasing by the rule numbering step. A rule ID thus assigned is greater than the current highest rule ID. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.
- You may use the display acl command to verify rules configured in an ACL. If the match order for this ACL is auto, rules are displayed in the depth-first match order rather than by rule number.
Note:
For a basic IPv4 ACL rule to be referenced by a QoS policy for traffic classification, the logging and vpn-instance keywords are not supported.
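The numbering, duplicate-statement and match-order notes above can be exercised against a small model. The following Python is an added example, not H3C code and not part of the original manual. The class and method names are hypothetical, the CLI wildcard 0 is written as 0.0.0.0, and the depth-first ordering used for auto (narrowest source range first, ties broken by rule ID, vpn-instance ignored) is an assumption.

```python
import ipaddress

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

class BasicAcl:
    """Toy model of a basic IPv4 ACL; not H3C code, constructed for illustration."""

    def __init__(self, step=5, match_order="config"):
        self.step = step
        self.match_order = match_order      # "config" or "auto"
        self.rules = {}                     # rule ID -> (action, source, wildcard)

    def next_id(self):
        # Auto-assigned IDs start at 0, then take the next multiple of the step
        # above the current highest ID (step 5, highest 28 -> 30).
        if not self.rules:
            return 0
        return (max(self.rules) // self.step + 1) * self.step

    def rule(self, action, source, wildcard, rule_id=None):
        stmt = (action, _u32(source), _u32(wildcard))
        if stmt in self.rules.values():
            raise ValueError("statement is identical to an existing rule")
        if rule_id in self.rules and self.match_order == "auto":
            raise ValueError("rules cannot be modified when match order is auto")
        rule_id = self.next_id() if rule_id is None else rule_id
        self.rules[rule_id] = stmt
        return rule_id

    def display_order(self):
        if self.match_order == "config":
            return sorted(self.rules)
        # ASSUMPTION: depth-first = fewest wildcard bits first, ties by rule ID.
        return sorted(self.rules, key=lambda i: (bin(self.rules[i][2]).count("1"), i))

    def evaluate(self, packet_source):
        addr = _u32(packet_source)
        for rule_id in self.display_order():
            action, source, wildcard = self.rules[rule_id]
            care = ~wildcard & 0xFFFFFFFF   # wildcard bit 0 = must match
            if addr & care == source & care:
                return action, rule_id
        return None                         # no rule matched
```

With a permit for 1.1.1.0 0.0.0.255 entered before a deny for 1.1.1.1 0, the model returns permit for source 1.1.1.1 in config order and deny in auto order, which is why the order shown by display acl matters when reviewing an ACL.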
Examples
# Create a rule to deny packets with the source IP address 1.1.1.1.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0