1-21
rule-mask: User-defined mask of the ACL rule. It must be an even hexadecimal number containing 2 to
160 hexadecimal numerals and be of the same length as that of the rule-string argument. This
argument is used to perform the logical AND operations with packets.
offset: Mask offset of the rule. It specifies a position in packets, from which the logical AND operation is
to be performed. It ranges from 0 to 79 (in bytes).
Note that:
z The maximum value of the mask offset of the rule becomes one byte less when the rule-string
argument has two more hexadecimal numerals. For example, when the rule-string contains two
hexadecimal numerals, the maximum value of offset is 79 bytes; when the rule-string contains four
hexadecimal numerals, the maximum value of offset is 78 bytes, and so on.
z The valid length of the mask offset is 128 hexadecimal numerals (64 bytes). For example, assume
that you specify a rule string of aa and set its offset to 2. If you continue to specify a rule string of bb,
its offset must be in the range from 3 to 65 bytes. If you set the offset of the rule string aa to 3, the
offset of the rule string bb must be in the range of 4 to 66 bytes, and so on. However, the offset of
the rule string bb cannot be greater than 79 bytes.
z As shown in Table 1-16, the hardware rule of the S3600 series logically divides the rule mask offset
of a user-defined string into multiple offset units, each of which is 4–byte long. Available offset units
fall into eight groups, which are numbered from Offset1 to Offset8.
z With the S3600 series, a user-defined rule string may or may not contain spaces and can be up to
32 bytes in length. It can occupy up to eight mask offset units and any two of the offset units cannot
belong to the same offset group. Otherwise, the ACL cannot be applied successfully.
Table 1-16 Offset units of a user-defined rule string
Offset unit
Offset1 Offset2 Offset3 Offset4 Offset5 Offset6 Offset7 Offset8
0 to 3 4 to 7 8 to 11 12 to 15 16 to 19 20 to 23 24 to 27 28 to 31
2 to 5 6 to 9 10 to 13 14 to 17 18 to 21 22 to 25 26 to 29 30 to 33
6 to 9 10 to 13 14 to 17 18 to 21 22 to 25 26 to 29 30 to 33 34 to 37
12 to 15 16 to 19 20 to 23 24 to 27 28 to 31 32 to 35 36 to 39 40 to 43
20 to 23 24 to 27 28 to 31 32 to 35 36 to 39 40 to 43 44 to 47 48 to 51
30 to 33 34 to 37 38 to 41 42 to 45 46 to 49 50 to 53 54 to 57 58 to 61
42 to 45 46 to 49 50 to 53 54 to 57 58 to 61 62 to 65 66 to 69 70 to 73
56 to 59 60 to 63 64 to 67 68 to 71 72 to 75 76 to 79 0 to 3 4 to 7
&<1-8>: At most eight rules can be defined at one time.
time-range time-name: Specifies a time range within which the ACL rule is valid.
Description
Use the rule command to define an ACL rule.
Use the undo rule command to remove an ACL rule.
To remove an ACL rule using the undo rule command, you need to provide the ID of the ACL rule. You
can obtain the ID of an ACL rule by using the display acl command.
Note that:
To Next Page
Loading...
Need help?
General