2093
fragment
: Indicates that the rule applies only to non-first fragments. Without this
keyword, the rule applies to both fragments and non-fragments
logging
: Specifies to log matched packets. The log provides information about
ACL rule number, whether packets are permitted or dropped, upper layer protocol
that IP carries, source/destination address, source/destination port number, and
number of packets.
source
{
sour-addr sour-wildcard
|
any
}: Specifies a source address. The
sour-addr
sour-wildcard
argument specifies a source IP address in dotted decimal notation.
Setting the wildcard to a zero indicates a host address. The
any
keyword indicates
any source IP address.
time-range
time-name:
Specifies the time range in which the rule takes effect.
The
time-name
argument specifies a time range name with 1 to 32 characters. It is
case insensitive and must start with an English letter. To avoid confusion, this name
cannot be all.
vpn-instance
vpn-instance-name:
Specifies a VPN instance. The
vpn-instance-name
argument is a case-sensitive string of 1 to 31 characters.
Description
Use the
rule
command to create a basic IPv4 ACL rule or modify the rule if it has
existed.
Use the
undo rule
command to remove a basic IPv4 ACL rule or parameters from
the rule.
With the
undo rule
command, if no parameters are specified, the entire ACL rule
is removed; if other parameters are specified, only the involved information is
removed.
You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to
auto
rather than
config
, you cannot modify ACL rules.
When defining ACL rules, you need not assign them IDs. The system can
automatically assign rule IDs starting with 0 and increasing in certain rule
numbering steps. A rule ID thus assigned is greater than the current highest rule
ID. For example, if the rule numbering step is 5 and the current highest rule ID is
28, the next rule will be numbered 30. For detailed information about step, refer
to “step (for IPv4)” on page 2100 and “step (for IPv6)” on page 2116.
You may use the
display acl
command to verify rules configured in an ACL. If the
match order for this ACL is
auto
, rules are displayed in the depth-first match order
rather than by rule number.
Example
# Create a rule to deny packets with the source IP address 1.1.1.1.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0
Summary of Contents for MSR 20-20
Page 110: ......
Page 130: ...130 CHAPTER 4 ATM OC 3C STM 1 INTERFACE CONFIGURATION COMMANDS...
Page 141: ...141 Sysname system view Sysname interface atm 5 0 Sysname Atm5 0 shdsl wire 4 auto enhanced...
Page 142: ...142 CHAPTER 5 G SHDSL INTERFACE CONFIGURATION COMMANDS...
Page 150: ...150 CHAPTER 6 ADSL INTERFACE CONFIGURATION COMMANDS...
Page 174: ...174 CHAPTER 8 GENERAL ETHERNET INTERFACE CONFIGURATION COMMANDS...
Page 186: ...186 CHAPTER 9 CONFIGURATION COMMANDS FOR ETHERNET INTERFACES IN BRIDGE MODE...
Page 288: ...288 CHAPTER 17 FUNDAMENTAL CT3 INTERFACE CONFIGURATION COMMANDS...
Page 290: ...290 CHAPTER 18 ISDN BRI INTERFACE CONFIGURATION COMMANDS...
Page 336: ...336 CHAPTER 20 DCC CONFIGURATION COMMANDS...
Page 418: ...418 CHAPTER 24 GVRP CONFIGURATION COMMANDS...
Page 502: ...502 CHAPTER 30 PORT MIRRORING CONFIGURATION COMMANDS...
Page 532: ...532 CHAPTER 32 PPP LINK EFFICIENCY MECHANISM CONFIGURATION COMMANDS...
Page 538: ...538 CHAPTER 33 PPPOE SERVER CONFIGURATION COMMANDS...
Page 548: ...548 CHAPTER 35 PPP DEBUGGING COMMANDS...
Page 596: ...596 CHAPTER 37 ISDN CONFIGURATION COMMANDS...
Page 630: ...630 CHAPTER 38 MSTP CONFIGURATION COMMANDS...
Page 638: ...638 CHAPTER 39 VLAN CONFIGURATION COMMANDS...
Page 652: ...652 CHAPTER 41 VOICE VLAN CONFIGURATION COMMANDS...
Page 670: ...670 CHAPTER 44 LOGICAL INTERFACE CONFIGURATION COMMANDS...
Page 688: ...688 CHAPTER 45 CPOS INTERFACE CONFIGURATION COMMANDS...
Page 696: ...696 CHAPTER 46 ARP CONFIGURATION COMMANDS...
Page 728: ...728 CHAPTER 51 DHCP SERVER CONFIGURATION COMMANDS...
Page 742: ...742 CHAPTER 52 DHCP RELAY AGENT CONFIGURATION COMMANDS...
Page 746: ...746 CHAPTER 53 DHCP CLIENT CONFIGURATION COMMANDS...
Page 750: ...750 CHAPTER 54 DHCP SNOOPING CONFIGURATION COMMANDS...
Page 772: ...772 CHAPTER 57 DNS CONFIGURATION COMMANDS...
Page 786: ...786 CHAPTER 59 IP ADDRESSING CONFIGURATION COMMANDS...
Page 806: ...806 CHAPTER 60 IP PERFORMANCE CONFIGURATION COMMANDS...
Page 818: ...818 CHAPTER 61 IP UNICAST POLICY ROUTING CONFIGURATION COMMANDS...
Page 822: ...822 CHAPTER 62 UDP HELPER CONFIGURATION COMMANDS...
Page 824: ...824 CHAPTER 63 URPF CONFIGURATION COMMANDS...
Page 828: ...828 CHAPTER 64 FAST FORWARDING COMMANDS...
Page 880: ...880 CHAPTER 67 DUAL STACK CONFIGURATION COMMANDS...
Page 888: ...888 CHAPTER 68 TUNNELING CONFIGURATION COMMANDS...
Page 928: ...928 CHAPTER 70 TERMINAL ACCESS CONFIGURATION COMMANDS...
Page 1014: ...1014 CHAPTER 72 BGP CONFIGURATION COMMANDS...
Page 1088: ...1088 CHAPTER 74 IS IS CONFIGURATION COMMANDS...
Page 1106: ...1106 CHAPTER 75 IS IS DEBUGGING COMMANDS...
Page 1212: ...1212 CHAPTER 79 IPV4 ROUTING POLICY CONFIGURATION COMMANDS...
Page 1268: ...1268 CHAPTER 82 IPV6 BGP CONFIGURATION COMMANDS...
Page 1324: ...1324 CHAPTER 85 IPV6 RIPNG CONFIGURATION COMMANDS...
Page 1364: ...1364 CHAPTER 88 IGMP CONFIGURATION COMMANDS...
Page 1430: ...1430 CHAPTER 90 PIM CONFIGURATION COMMANDS...
Page 1504: ...1504 CHAPTER 93 IPV6 PIM CONFIGURATION COMMANDS...
Page 1644: ...1644 CHAPTER 96 MPLS TE CONFIGURATION COMMANDS...
Page 1670: ...1670 CHAPTER 97 MPLS L2VPN CONFIGURATION COMMANDS...
Page 1742: ...1742 CHAPTER 101 IPSEC PROFILE CONFIGURATION COMMANDS...
Page 1774: ...1774 CHAPTER 105 TRAFFIC POLICING TP CONFIGURATION COMMANDS...
Page 1778: ...1778 CHAPTER 106 TRAFFIC SHAPING CONFIGURATION COMMANDS...
Page 1782: ...1782 CHAPTER 107 LINE RATE CONFIGURATION COMMANDS...
Page 1807: ...1807 Sysname system view Sysname qos policy user1 Sysname qospolicy user1...
Page 1808: ...1808 CHAPTER 110 DEFINING POLICY COMMANDS...
Page 1810: ...1810 CHAPTER 111 FIFO QUEUING CONFIGURATION COMMANDS...
Page 1836: ...1836 CHAPTER 116 RTP PRIORITY QUEUE CONFIGURATION COMMANDS...
Page 1838: ...1838 CHAPTER 117 QOS TOKEN CONFIGURATION COMMANDS...
Page 1842: ...1842 CHAPTER 118 PRIORITY MAPPING TABLE CONFIGURATION COMMANDS...
Page 1844: ...1844 CHAPTER 119 PORT PRIORITY CONFIGURATION COMMANDS...
Page 1852: ...1852 CHAPTER 121 WRED CONFIGURATION COMMANDS...
Page 1860: ...1860 CHAPTER 123 MPLS QOS CONFIGURATION COMMANDS...
Page 1874: ...1874 CHAPTER 124 DAR CONFIGURATION COMMANDS...
Page 1947: ...1947 Sysname system view Sysname local user user1 Sysname luser user1 work directory cf...
Page 1948: ...1948 CHAPTER 127 AAA CONFIGURATION COMMANDS...
Page 1990: ...1990 CHAPTER 129 HWTACACS CONFIGURATION COMMANDS...
Page 2008: ...2008 CHAPTER 131 ASPF CONFIGURATION COMMANDS...
Page 2080: ...2080 CHAPTER 135 PORTAL CONFIGURATION COMMANDS...
Page 2086: ...2086 CHAPTER 137 COMMON CONFIGURATION COMMANDS...
Page 2102: ...2102 CHAPTER 138 IPV4 ACL CONFIGURATION COMMANDS...
Page 2118: ...2118 CHAPTER 139 IPV6 ACL CONFIGURATION COMMANDS...
Page 2200: ...2200 CHAPTER 142 SSH2 0 CONFIGURATION COMMANDS...
Page 2314: ...2314 CHAPTER 152 NTP CONFIGURATION COMMANDS...
Page 2328: ...2328 CHAPTER 153 RMON CONFIGURATION COMMANDS...
Page 2350: ...2350 CHAPTER 154 SNMP CONFIGURATION COMMANDS...
Page 2368: ...2368 CHAPTER 156 CONFIGURATION FILE MANAGEMENT COMMANDS...
Page 2390: ...2390 CHAPTER 158 FTP CLIENT CONFIGURATION COMMANDS...
Page 2396: ...2396 CHAPTER 159 TFTP CLIENT CONFIGURATION COMMANDS...
Page 2484: ...2484 CHAPTER 165 MAC ADDRESS TABLE MANAGEMENT CONFIGURATION COMMANDS...
Page 2646: ...2646 CHAPTER 174 DIAL PLAN CONFIGURATION COMMANDS...
Page 2710: ...2710 CHAPTER 178 SIP CONFIGURATION COMMANDS...
Page 2720: ...2720 CHAPTER 179 VOFR CONFIGURATION COMMANDS...