208 CHAPTER 8: ACL CONFIGURATION
Table 225 Define Basic ACL
Define Advanced ACL
Advanced ACL rules classify packets on the basis of attributes such as the source and destination IP address, the TCP or UDP port number in use, and the packet priority. An advanced ACL can examine three kinds of packet priority: ToS (Type of Service), IP precedence and DSCP.
Use the following commands to define an advanced ACL, performing each step in the view indicated.
Table 226 Define Advanced ACL
Note that port1 and port2 in the above command specify the TCP or UDP ports used by upper-layer applications. For some common port numbers you can use a mnemonic as a shortcut; for example, “bgp” stands for TCP port 179, which is used by BGP.
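Added example (not from the manual): a small Python model of how an advanced ACL configured with match-order config evaluates packets against rules written in the syntax above, including the wildcard-mask address match and the bgp mnemonic. The supported keyword subset, treating protocol ip as matching any protocol, the mnemonics other than bgp and the ACL number 3001 are assumptions.

```python
import ipaddress

# Port mnemonics: "bgp" = TCP 179 is from the manual; the others are assumed.
PORT_MNEMONICS = {"bgp": 179, "telnet": 23, "www": 80}
def _ip(text):
    return int(ipaddress.IPv4Address(text))
def parse_rule(line):
    """Parse one advanced-ACL 'rule' line (the keyword subset used below)."""
    tok, i, rule = line.split(), 1, {"id": None}
    if tok[i].isdigit():                      # optional rule_id
        rule["id"], i = int(tok[i]), i + 1
    rule["action"], rule["protocol"], i = tok[i], tok[i + 1], i + 2
    while i < len(tok):
        kw = tok[i]
        if kw in ("source", "destination"):   # { addr wildcard | any }
            if tok[i + 1] == "any":
                rule[kw], i = None, i + 2
            else:
                rule[kw], i = (_ip(tok[i + 1]), _ip(tok[i + 2])), i + 3
        elif kw in ("source-port", "destination-port"):   # operator port1
            port = PORT_MNEMONICS.get(tok[i + 2], tok[i + 2])
            rule[kw], i = (tok[i + 1], int(port)), i + 3
        elif kw in ("fragment", "logging", "established"):
            rule[kw], i = True, i + 1
        else:
            raise ValueError("unsupported keyword: " + kw)
    return rule
def _addr_ok(spec, ip):       # spec is None for 'any'; wildcard bit 1 = don't care
    return spec is None or (_ip(ip) ^ spec[0]) & (~spec[1] & 0xFFFFFFFF) == 0
def _port_ok(spec, port):     # spec is (operator, port1); only eq/gt/lt modelled
    return spec is None or {"eq": port == spec[1], "gt": port > spec[1],
                            "lt": port < spec[1]}[spec[0]]
def evaluate(acl_lines, pkt):
    """match-order config: first rule that matches decides; None if none does."""
    for rule in map(parse_rule, acl_lines):
        if rule["protocol"] not in ("ip", pkt["proto"]):  # 'ip' = any (assumed)
            continue
        if (_addr_ok(rule.get("source"), pkt["src"])
                and _addr_ok(rule.get("destination"), pkt["dst"])
                and _port_ok(rule.get("source-port"), pkt["sport"])
                and _port_ok(rule.get("destination-port"), pkt["dport"])):
            return rule["action"], rule["id"]
    return None
# Constructed ACL: permit BGP from the management subnet, drop and log telnet.
ACL_3001 = [
    "rule 5 permit tcp source 192.168.1.0 0.0.0.255 destination-port eq bgp",
    "rule 10 deny tcp destination-port eq 23 logging",
    "rule 15 permit ip source any",
]
```

Because the rules are tried in configured order, moving rule 15 to the top would shadow the telnet deny; that is the kind of ordering mistake the match-order setting exists to control.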
Define Layer-2 ACL
Layer-2 ACL rules are defined on the basis of Layer-2 information such as the source MAC address, source VLAN ID, Layer-2 protocol type, Layer-2 packet format and destination MAC address.
Table 225 Define Basic ACL

Operation: Enter basic ACL view (from System View)
Command: acl number acl_number [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from Basic ACL View)
Command: rule [ rule_id ] { permit | deny } [ source { source_addr wildcard | any } | fragment | logging | time-range name ]*

Operation: Delete a sub-item from the ACL (from Basic ACL View)
Command: undo rule rule_id [ source | fragment | logging | time-range ]*

Operation: Delete one ACL or all ACLs (from System View)
Command: undo acl { number acl_number | all }
Table 226 Define Advanced ACL

Operation: Enter advanced ACL view (from System View)
Command: acl number acl_number [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from Advanced ACL View)
Command: rule [ rule_id ] { permit | deny } protocol [ source { source_addr wildcard | any } ] [ destination { dest_addr wildcard | any } ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ] [ [ { precedence precedence | tos tos | dscp dscp }* | vpn-instance instance ] | fragment | logging | time-range name ]*

Operation: Delete a sub-item from the ACL (from Advanced ACL View)
Command: undo rule rule_id [ source | destination | source-port | destination-port | icmp-type | precedence | tos | dscp | fragment | logging | time-range | vpn-instance ]*

Operation: Delete one ACL or all ACLs (from System View)
Command: undo acl { number acl_number | all }