EasyManuals Logo

H3C S3100 Series Command Manual

H3C S3100 Series
1244 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #615 background imageLoading...
Page #615 background image
1-23
Use the undo rule command to remove an ACL rule.
To remove an ACL rule, you need to specify the ID of the ACL rule. You can use the display acl
command to view the ID of an ACL rule.
Note that:
z You can modify any existent rule of an IPv6 ACL. If you modify only the action to be taken or the
time range, the unmodified part of the rule remains the same. If you modify the content of a
user-defined string, the new string overwrites the original one.
z If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered
automatically. If the ACL has no rules, the rule is numbered 0; otherwise, the number of the rule will
be the greatest rule number plus one. If the current greatest rule number is 65534, however, the
system will display an error message and you need to specify a number for the rule.
z The content of a modified or created rule cannot be identical with that of any existing rule of the
ACL; otherwise the rule modification or creation will fail, and the system will prompt that the rule
already exists.
z To specify the src-port or dest-port keyword for a rule, you need to specify the ip-protocol
rule-string rule-mask combination as TCP or UDP, that is, 0x06 or 0x11. To specify the
icmpv6-type or icmpv6-code keyword for a rule, you need to specify the ip-protocol rule-string
rule-mask combination as ICMPv6, that is, 0x3a.
Note the following when assigning an IPv6 ACL to the hardware on S3100-EI Series Ethernet switches:
z IPv6 ACLs do not match IPv6 packets with extension headers.
z Do not use IPv6 ACLs with VLAN mapping and trusted port priority.
Example
# Configure an rule for IPv6 ACL 5000, denying packets sent from 3001::1/64 to 3002::1/64.
<Sysname> system-view
[Sysname] acl number 5000
[Sysname-acl-user-5000] rule deny src-ip 3001::1 64 dest-ip 3002::1 64
rule comment
Syntax
rule rule-id comment text
undo rule rule-id comment
View
Advanced ACL view, Layer 2 ACL view, IPv6 ACL view
Parameters
rule-id: ID of the ACL rule, in the range of 0 to 65534.

Table of Contents

Other manuals for H3C S3100 Series

Preview: Operation Manual
Operation Manual1057 pages
Preview: Installation Manual
Installation Manual94 pages
Preview: Operation Manual Product Overview
Operation Manual Product Overview11 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the H3C S3100 Series and is the answer not in the manual?

H3C S3100 Series Specifications

General IconGeneral
BrandH3C
ModelS3100 Series
CategorySwitch
LanguageEnglish

Related product manuals