Operation Manual – ACL
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1
ACL Configuration
rule. And the existing settings remain unchanged if the corresponding settings are
not specified in the command.
- If the ACL rule identified by the rule-id argument does not exist, you will create a
new rule.
- The content of a modified or created rule cannot be identical to the content of
any existing rule; otherwise the rule modification or creation fails, and the
system prompts that the rule already exists.
If you do not specify the rule-id argument when creating an ACL rule, the rule will be
numbered automatically.
1.6.3 Configuration Example
# Configure ACL 5001 to deny all TCP packets. The ACL is active from 18:00 to
23:00 every Saturday (the VLAN VPN function is not enabled).
<H3C> system-view
[H3C] time-range t1 18:00 to 23:00 sat
[H3C] acl number 5001
[H3C-acl-user-5001] rule 25 deny 06 ff 27 time-range t1
[H3C-acl-user-5001] display acl 5001
User defined ACL 5001, 1 rules
Acl's step is 1
rule 25 deny 06 ff 27 time-range t1 (Inactive)
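The matching logic behind rule 25 deny 06 ff 27 time-range t1, as an added Python model (not H3C code and not part of the original manual). It assumes the offset is counted from the first byte of the frame and that the switch handles the frame with one 802.1Q tag when VLAN VPN is not enabled and two when it is, so byte 27 is the IPv4 protocol field only in the single-tag case; function names, sample frames, and dates are constructed.

```python
from datetime import datetime, time

# rule 25 deny 06 ff 27 time-range t1  ->  rule-string, rule-mask, offset
RULE = {"id": 25, "action": "deny", "string": bytes.fromhex("06"),
        "mask": bytes.fromhex("ff"), "offset": 27}
# time-range t1 18:00 to 23:00 sat  (datetime.weekday() == 5 is Saturday)
T1 = {"days": {5}, "start": time(18, 0), "end": time(23, 0)}


def in_time_range(tr, now):
    """True inside the periodic range (inclusive end is an assumption)."""
    return now.weekday() in tr["days"] and tr["start"] <= now.time() <= tr["end"]


def rule_matches(rule, frame):
    """Compare masked frame bytes at the offset with the masked rule string."""
    off, n = rule["offset"], len(rule["string"])
    window = frame[off:off + n]
    if len(window) < n:              # frame too short to hold the field
        return False
    return all((f & m) == (s & m)
               for f, s, m in zip(window, rule["string"], rule["mask"]))


def verdict(rule, tr, frame, now):
    """Rule action, or None when the rule is inactive or does not match."""
    if not in_time_range(tr, now):
        return None                  # the state display acl reports as (Inactive)
    return rule["action"] if rule_matches(rule, frame) else None


def build_frame(ip_proto, tags=1):
    """Constructed sample: Ethernet header, 802.1Q tag(s), minimal IPv4 header."""
    eth = bytes(12) + bytes.fromhex("81000001") * tags + bytes.fromhex("0800")
    ip = bytearray(20)
    ip[0] = 0x45                     # version 4, IHL 5
    ip[9] = ip_proto                 # protocol field; frame byte 27 when tags == 1
    return eth + bytes(ip)


TCP_FRAME, UDP_FRAME = build_frame(6), build_frame(17)
TCP_DOUBLE_TAG = build_frame(6, tags=2)      # assumed VLAN VPN layout
SAT_EVENING = datetime(2024, 6, 1, 19, 30)   # a Saturday
MON_EVENING = datetime(2024, 6, 3, 19, 30)   # a Monday
```

With the second tag the protocol byte moves to offset 31, so the same rule no longer sees TCP; this is why the example states that VLAN VPN is not enabled.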
1.7 Applying ACLs on Ports
By applying ACLs on ports, you can filter outbound or inbound packets on the
corresponding ports.
1.7.1 Configuration Preparation
You need to define an ACL before applying it on a port. For information about defining
an ACL, refer to section 1.3 “Basic ACL Configuration”, section 1.4 “Advanced ACL
Configuration”, section 1.5 “Layer 2 ACL Configuration”, and section 1.6
“User-Defined ACL Configuration”.
1.7.2 Configuration Procedure
Table 1-16 Apply an ACL on a port
Operation                  Command                                     Description
Enter system view          system-view                                 —
Enter Ethernet port view   interface interface-type interface-number   —