• If the ACL is created with the auto keyword specified, newly created rules are inserted among the
existing rules according to the depth-first principle, but the numbers of the existing rules remain unchanged.
Examples
# Create advanced ACL 3000 and define rule 1 to deny packets with the source IP address of
192.168.0.1 and DSCP priority of 46.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 1 deny ip source 192.168.0.1 0 dscp 46
[Sysname-acl-adv-3000] quit
# Create advanced ACL 3001 and define rule 1 to permit TCP packets that are sourced from network
129.9.0.0/16, destined for network 202.38.160.0/24, and using the destination port number of 80.
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule 1 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
After completing the above configuration, you can use the display acl command to view the
configuration information of the ACLs.
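Before applying rules like the two above, it helps to check which packets their wildcard masks actually select. The following is an added example, not part of the original manual: a small Python evaluator for only the rule keywords used in these two examples. The function names and packet dictionaries are hypothetical, the sample packet is constructed, and the wildcard "0" is read as a single-host match, as the first example's description implies.

```python
import ipaddress

def _ip(text):
    # The page's example writes the wildcard "0" for a single host; treat it as 0.0.0.0.
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))

def parse_rule(line):
    """Parse the subset of advanced ACL rule syntax used in the two examples above."""
    tok = line.split()
    if tok[0] != "rule" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported rule: " + line)
    rule = {"id": int(tok[1]), "action": tok[2], "proto": tok[3]}
    i = 4
    while i < len(tok):
        key = tok[i]
        if key in ("source", "destination"):
            rule[key] = (_ip(tok[i + 1]), _ip(tok[i + 2]))  # (address, wildcard)
            i += 3
        elif key == "destination-port" and tok[i + 1] == "eq":
            rule["dport"] = int(tok[i + 2])
            i += 3
        elif key == "dscp":
            rule["dscp"] = int(tok[i + 1])
            i += 2
        else:
            raise ValueError("unsupported keyword: " + key)
    return rule

def matches(rule, pkt):
    """Return True if the packet (a dict) satisfies every condition in the rule."""
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False  # "ip" covers every IP protocol; anything else must match exactly
    for field, key in (("source", "src"), ("destination", "dst")):
        if field in rule:
            addr, wildcard = rule[field]
            care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignored
            if (_ip(pkt[key]) & care) != (addr & care):
                return False
    if "dport" in rule and pkt.get("dport") != rule["dport"]:
        return False
    if "dscp" in rule and pkt.get("dscp") != rule["dscp"]:
        return False
    return True

RULE_3000 = parse_rule("rule 1 deny ip source 192.168.0.1 0 dscp 46")
RULE_3001 = parse_rule("rule 1 permit tcp source 129.9.0.0 0.0.255.255 "
                       "destination 202.38.160.0 0.0.0.255 destination-port eq 80")
# Constructed sample packet (not from the manual): HTTP from 129.9.0.0/16 to 202.38.160.0/24.
WEB = {"proto": "tcp", "src": "129.9.44.7", "dst": "202.38.160.20", "dport": 80}
```

Calling matches(RULE_3001, WEB) returns True; changing the packet's port, source network, or destination network makes it return False, which shows how narrowly the rule is scoped.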
rule (for Layer 2 ACLs)
Syntax
rule [ rule-id ] { deny | permit } [ rule-string ]
undo rule rule-id
View
Layer 2 ACL view
Parameters
rule-id: ACL rule ID, in the range of 0 to 65534.
deny: Drops the matched packets.
permit: Permits the matched packets.
rule-string: ACL rule information, which can be a combination of the arguments/keywords described in
Table 1-15.
Table 1-15 Layer 2 ACL rule information
| Parameters | Type | Function | Description |
|---|---|---|---|
| format-type | Link layer encapsulation type | Specifies the link layer encapsulation type in the rule | This argument can be 802.3/802.2, 802.3, ether_ii, or snap. |