1-23
Offset unit
2 to 5 6 to 9 10 to 13 14 to 17 18 to 21 22 to 25 26 to 29 30 to 33
6 to 9 10 to 13 14 to 17 18 to 21 22 to 25 26 to 29 30 to 33 34 to 37
12 to 15 16 to 19 20 to 23 24 to 27 28 to 31 32 to 35 36 to 39 40 to 43
20 to 23 24 to 27 28 to 31 32 to 35 36 to 39 40 to 43 44 to 47 48 to 51
30 to 33 34 to 37 38 to 41 42 to 45 46 to 49 50 to 53 54 to 57 58 to 61
42 to 45 46 to 49 50 to 53 54 to 57 58 to 61 62 to 65 66 to 69 70 to 73
56 to 59 60 to 63 64 to 67 68 to 71 72 to 75 76 to 79 0 to 3 4 to 7
&<1-8>: At most eight rules can be defined at one time.
time-range time-name: Specifies a time range within which the ACL rule is valid.
Description
Use the rule command to define an ACL rule.
Use the undo rule command to remove an ACL rule.
To remove an ACL rule using the undo rule command, you need to provide the ID of the ACL rule. You
can obtain the ID of an ACL rule by using the display acl command.
Note that:
z You can modify any existent rule of a user-defined ACL. If you modify only the time range and/or
action, the unmodified parts of the rule remain the same. If you modify the rule-string rule-mask
offset combinations, however, the new combinations will replace all of the original ones.
z If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered
automatically. If the ACL has no rules, the rule is numbered 0; otherwise, the number of the rule will
be the greatest rule number plus one. If the current greatest rule number is 65534, however, the
system will display an error message and you need to specify a number for the rule.
z The content of a modified or created rule cannot be identical with the content of any existing rules;
otherwise the rule modification or creation will fail, and the system prompts that the rule already
exists.
When specifying the offset, take the following two items into account:
z If VLAN-VPN is not enabled on any port, each packet in the switch carries one VLAN tag, which is
four bytes long.
z If VLAN-VPN is enabled on a port, each packet in the switch carries two VLAN tags, which occupy
eight bytes.
Frequently used protocol types and offsets are listed in the following table.
Table 1-17 Frequently used protocol types and offsets
Protocol
Protocol number
in hexadecimal
Offset when VLAN-VPN is
not enabled on any port
Offset when VLAN-VPN is
enabled on a port
ARP 0x0806 16 20
To Next Page
Loading...
