844 CHAPTER 63: IPV4 ACL CONFIGURATION
Configuring an Advanced IPv4 ACL
Advanced IPv4 ACLs filter packets based on source IP address, destination IP address, protocol carried on IP, and other protocol header fields, such as the TCP/UDP source port, TCP/UDP destination port, ICMP message type, and ICMP message code.
In addition, advanced IPv4 ACLs allow you to filter packets based on three priority criteria: type of service (ToS), IP precedence, and differentiated services codepoint (DSCP) priority.
Advanced IPv4 ACLs are numbered in the range 3000 to 3999. Compared with basic IPv4 ACLs, they allow more flexible and accurate filtering.
Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command first.
Configuration Procedure
Follow these steps to configure an advanced IPv4 ACL:
To do: Enter system view
Use the command: system-view
Remarks: --

To do: Create and enter advanced IPv4 ACL view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. The default match order is config. If you specify a name for an IPv4 ACL when creating the ACL, you can use the acl name acl-name command to enter the view of the ACL later.

To do: Create or modify a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | established | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-name | tos tos ] *
Remarks: Required. To create multiple rules, repeat this step. Note that if the ACL is to be referenced by a QoS policy for traffic classification, the logging and reflective keywords are not supported and the operator argument cannot be:
■ neq, if the policy is for the inbound traffic,
■ gt, lt, neq or range, if the policy is for the outbound traffic.

To do: Set a rule numbering step
Use the command: step step-value
Remarks: Optional. The default step is 5.

To do: Create an IPv4 ACL description
Use the command: description text
Remarks: Optional. By default, no IPv4 ACL description is present.

To do: Create a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, no rule description is present.
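
The QoS policy restriction in the rule remarks above is easy to miss when an existing ACL is reused for traffic classification. The following check is an added example, not part of the original manual: it scans rule lines for the unsupported keywords and port operators for a given policy direction. The function names lint_rule and lint_acl and the sample ACL are constructed for illustration.

```python
# Keywords the page says are not supported when a QoS policy references the ACL.
UNSUPPORTED_KEYWORDS = {"logging", "reflective"}
# Port operators the page rules out, keyed by the direction of the QoS policy.
FORBIDDEN_OPERATORS = {"inbound": {"neq"}, "outbound": {"gt", "lt", "neq", "range"}}
PORT_KEYWORDS = {"source-port", "destination-port"}
# Constructed sample ACL, not taken from the manual.
SAMPLE_ACL = """\
acl number 3001
 description Classifier for web traffic
 rule 0 permit tcp source 10.1.0.0 0.0.255.255 destination-port eq 80
 rule 5 permit tcp destination-port range 8000 8080
 rule 10 deny udp source-port neq 53 logging
 rule 10 comment logging of unexpected UDP sources
"""


def lint_rule(line, direction):
    """Return the reasons one rule line cannot be used by a QoS policy."""
    tokens = line.split()
    # Skip non-rule lines and "rule rule-id comment text", whose text is free-form.
    if not tokens or tokens[0] != "rule" or "comment" in tokens[1:3]:
        return []
    problems = []
    for prev, tok in zip(tokens, tokens[1:]):
        if prev == "time-range":
            continue  # tok is a user-chosen time range name, not a keyword
        if tok in UNSUPPORTED_KEYWORDS:
            problems.append(f"keyword '{tok}' is not supported")
        elif prev in PORT_KEYWORDS and tok in FORBIDDEN_OPERATORS[direction]:
            problems.append(f"{prev} operator '{tok}' not allowed for {direction} traffic")
    return problems


def lint_acl(config, direction):
    """Map each offending rule line of an ACL to its list of problems."""
    findings = {}
    for line in config.splitlines():
        problems = lint_rule(line.strip(), direction)
        if problems:
            findings[line.strip()] = problems
    return findings


if __name__ == "__main__":
    for direction in ("inbound", "outbound"):
        for rule, problems in lint_acl(SAMPLE_ACL, direction).items():
            print(f"[{direction}] {rule}: {'; '.join(problems)}")
```

Rule 5 passes for an inbound policy but fails for an outbound one, because range is only excluded for outbound traffic.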