Operation Manual – ACL
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1
ACL Configuration
1-12
Name ICMP type ICMP code
source-route-failed Type=3 Code=5
timestamp-reply Type=14 Code=0
timestamp-request Type=13 Code=0
ttl-exceeded Type=11 Code=0
When you define an ACL rule using the rule command with the rule-id argument
provided,
z If the ACL is created with the config keyword specified and the rule identified by
the rule-id argument exists, the settings specified in the rule command overwrite
the counterparts of the existing rule (other settings of the rule remain unchanged).
If the ACL is created the auto keyword specified, the rules of the ACL cannot be
edited. In this case, the system will prompt errors when you execute the rule
command.
z If the ACL rule identified by the rule-id argument does not exist, you will create a
new rule.
z The content of a modified or created rule cannot be identical with the content of
any existing rules; otherwise the rule modification or creation will fail, and the
system prompts that the rule already exists.
If you do not specify the rule-id argument when creating an ACL rule, the rule will be
numbered automatically.
1.4.3 Configuration Example
# Configure ACL 3000 to permit the TCP packets sourced from the network 129.9.0.0
and destined for the network 202.38.160.0 and with the destination port number being
80.
<H3C> system-view
[H3C] acl number 3000
[H3C-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination
202.38.160.0 0.0.0.255 destination-port eq 80
[H3C-acl-adv-3000] display acl 3000
Advanced ACL 3000, 1 rule
Acl's step is 1
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0
0.0.0.255 destination-port eq www
1.5 Layer 2 ACL Configuration
Layer 2 ACLs filter packets according to their Layer 2 information, such as the source
and destination MAC addresses, VLAN priority, and Layer 2 protocol types.
To Next Page
Loading...
Need help?
General