QTECH
Software Configuration Manual
13-175
no periodic
days-of-the-week hh : mm : ss
to
[ day-of-the-week ] hh : mm : ss
The effective time range of periodic time is a week. It can configure at most 32 periodic time range.
13.3.3
Standard ACL
Switch can defaine at most 99 standard ACL with the number ID (the number is in the range of 1 to 99), at
most 1000 standard ACL with the name ID and totally 3000 sub-rules. It can define 128 sub-rules for an ACL (this
rule can suit both ACL with name ID and number ID). Standard ACL only classifies data packet according to the
source IP information of IP head of data packet and analyse the matching data packet. The construction of IP head
refers to RFC791.
13.3.3.1
Define standard ACL based on number ID
Standard ACL based on number ID is using number to be ID of standard ACL. Use following command to
define standard ACL based on number ID.
Configure it in global configuration mode.
Command :
access-list
access-list-number
{
deny | permit
} {
source-addr source-wildcard
| any } [
fragments
]
[
time-range
time-range-name
]
Define the matching order of ACL :
access-list
access-list-number
match-order
{ config | auto }
Delete all the subitems or one subitem in one ACL with number ID or name ID or all ACLs.
no access-list
{ all | {
access-list-number
|
name
access-list-name
} [
subitem
] }
Use access-list command repeatedly to define more rules for the same ACL.
If parameter time-range is not used, this ACL will be effective at any time after activation.
Concrete parameter meaning refers to corresponded command line.
13.3.3.2
Define standard ACL with name ID.
Defining standard ACL with name ID should enter specified configuration mode : use
access-list
standard
in global configuration mode which can specify matching order of ACL. Use exit command to be back
from this mode.
Enter standard ACL with name ID configuration mode(global configuration mode)
access-list standard
name
[ match-order { config | auto } ]
Defining standard ACL rule (standard ACL with name ID configuration mode)
{
permit | deny
} {
source-addr source-wildcard
| any } [
fragments
] [
time-range
time-range-name
]
Delete all the subitems or one subitem in one ACL with number ID or name ID or all ACLs.(global
configuration mode)
no access-list
{ all | {
access-list-number
|
name
access-list-name
} [
subitem
] }
Use { permit | deny } command repeatedly to define more rules for the same ACL. Specifying matching
order cannot be modified.
By default, the matching order is user configured order (config).
Concrete parameter meaning refers to corresponded command line.
13.3.4
Define extended ACL
Switch can defaine at most 100 extended ACL with the number ID (the number is in the range of 100 to 199),
at most 1000 extended ACL with the name ID and totally 3000 sub-rules. It can define 128 sub-rules for an ACL (this
rule can suit both ACL with name ID and number ID). Extended ACL classifies data packet according to the source IP,
destination IP, used TCP or UDP interface number, packet priority information of IP head of data packet and analyse
the matching data packet. Extended ACL supports three types of packet priority handling : TOS(Type Of Service)
priority, IP priority and DSCP. The construction of IP head refers to RFC791.