1-12
# Create basic ACL 2001 and define rule 1 to deny packets that are non-tail fragments.
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule 1 deny fragment
[Sysname-acl-basic-2001] quit
# Create basic ACL 2002 and define rule 1 to deny all packets during the period specified by time range
trname.
[Sysname] acl number 2002
[Sysname-acl-basic-2002] rule 1 deny time-range trname
After completing the above configuration, you can use the display acl command to view the
configuration information of the ACLs.
rule (for Advanced ACLs)
Syntax
rule [ rule-id ] { deny | permit } protocol [ rule-string ]
undo rule rule-id [ destination | destination-port | dscp | fragment | icmp-type | precedence |
source | source-port | time-range | tos ]*
View
Advanced ACL view
Parameters
Parameters of the rule command
rule-id: ACL rule ID, in the range of 0 to 65534.
deny: Drops the matched packets.
permit: Permits the matched packets.
protocol: Protocol carried by IP. When the protocol is represented by numeral, it ranges from 1 to 255;
when the protocol is represented by name, it can be gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf
(89), tcp (6), and udp (17).
rule-string: ACL rule information, which can be a combination of the parameters described in
Table 1-7.
To Next Page
Loading...
