rule (basic ACL view)
Syntax
rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } |
time-range time-range-name ] *
undo rule rule-id [ fragment | logging | source | time-range ] *
View
Basic ACL view
Default Level
2: System level
Parameters
rule-id: Specifies a rule ID, which ranges from 0 to 65534. If no rule ID is specified when you create an
ACL rule, the system assigns one automatically. The assigned ID is the smallest multiple of the numbering
step that is greater than the current highest rule ID, starting from 0 for an empty ACL. For example, if the
rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Drops matching packets.
permit: Allows matching packets to pass.
fragment: Indicates that the rule applies to only non-first fragments. A rule without this keyword applies
to all fragments and non-fragments.
logging: Generates log entries for matched packets.
source { sour-addr sour-wildcard | any }: Matches a source address. The sour-addr sour-wildcard
arguments represent a source IP address in dotted decimal notation. A wildcard mask of zeros specifies
a host address. The any keyword represents any source IP address.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a
case-insensitive string of 1 to 32 characters. It must start with an English letter.
Description
Use the rule command to create or edit a basic ACL rule.
Use the undo rule command to delete an entire basic ACL rule or some attributes in the rule.
By default, a basic ACL does not contain any rule.
If you specify no optional keywords, the undo rule command removes the entire ACL rule; otherwise,
the command removes only the specified criteria. Before performing the undo rule command, you may
use the display acl command to view the ID of the rule.
When defining ACL rules, you do not need to assign them IDs; the system can automatically assign rule
IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is the smallest
multiple of the step that is bigger than the current biggest number. For example, if the rule numbering
step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing
rule in the ACL.
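The two behaviours described above (automatic rule numbering in multiples of the step, and rejection of a rule whose permit/deny statement duplicates an existing one) together with the source wildcard and fragment semantics from the Parameters section can be checked with a small model of a basic ACL. The following Python is an added example written for this page; it is not the device's own code and models only what the page states. Assumptions are labelled in the comments: rules are evaluated in ascending rule-ID order with first match winning, a packet matching no rule yields None (the device's default for unmatched traffic depends on where the ACL is applied), and the duplicate check compares action, source and fragment keyword.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Source = Optional[Tuple[str, str]]  # (sour-addr, sour-wildcard); None means "any"


def next_rule_id(step: int, current_highest: Optional[int]) -> int:
    """Smallest multiple of `step` strictly greater than the current highest
    rule ID; 0 when the ACL is empty (page example: step 5, highest 28 -> 30)."""
    if current_highest is None:
        return 0
    return (current_highest // step + 1) * step


def wildcard_match(addr: str, sour_addr: str, sour_wildcard: str) -> bool:
    """Wildcard-mask match: a 1 bit in the wildcard means 'don't care', a 0 bit
    means 'must equal'. A wildcard of 0.0.0.0 therefore matches a single host."""
    a = int(ipaddress.IPv4Address(addr))
    s = int(ipaddress.IPv4Address(sour_addr))
    care = ~int(ipaddress.IPv4Address(sour_wildcard)) & 0xFFFFFFFF
    return (a & care) == (s & care)


@dataclass
class Rule:
    rule_id: int
    action: str            # "permit" or "deny"
    source: Source = None  # None == "source any"
    fragment: bool = False  # True: rule applies only to non-first fragments
    logging: bool = False

    def statement(self):
        # Assumption: identity for the duplicate check is action + source + fragment.
        return (self.action, self.source, self.fragment)

    def matches(self, src_ip: str, frag: str) -> bool:
        # frag is one of "none", "first", "nonfirst" (constructed packet model)
        if self.fragment and frag != "nonfirst":
            return False
        if self.source is None:
            return True
        return wildcard_match(src_ip, *self.source)


@dataclass
class BasicAcl:
    step: int = 5
    rules: List[Rule] = field(default_factory=list)

    def add_rule(self, action: str, source: Source = None, fragment: bool = False,
                 logging: bool = False, rule_id: Optional[int] = None) -> Rule:
        """Create a rule (or edit an existing one when rule_id already exists)."""
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if rule_id is None:
            highest = max((r.rule_id for r in self.rules), default=None)
            rule_id = next_rule_id(self.step, highest)
        if not 0 <= rule_id <= 65534:
            raise ValueError("rule-id out of range")
        new = Rule(rule_id, action, source, fragment, logging)
        # Reject a statement identical to another rule's (page: "You cannot create
        # a rule with, or modify a rule to have, the same permit/deny statement").
        for r in self.rules:
            if r.rule_id != rule_id and r.statement() == new.statement():
                raise ValueError(f"rule {r.rule_id} already has this statement")
        self.rules = [r for r in self.rules if r.rule_id != rule_id] + [new]
        self.rules.sort(key=lambda r: r.rule_id)
        return new

    def evaluate(self, src_ip: str, frag: str = "none") -> Optional[Tuple[str, int]]:
        """Assumption: first match in ascending rule-ID order wins."""
        for r in self.rules:
            if r.matches(src_ip, frag):
                return (r.action, r.rule_id)
        return None


def build_demo_acl() -> BasicAcl:
    """Constructed sample ACL; note that the auto-numbered rule 30 lands after the
    explicit 'deny any' at 28 and is therefore shadowed."""
    acl = BasicAcl(step=5)
    acl.add_rule("deny", ("10.0.0.1", "0.0.0.0"))                       # rule 0
    acl.add_rule("permit", ("10.0.0.0", "0.0.0.255"))                   # rule 5
    acl.add_rule("permit", ("192.168.1.0", "0.0.0.255"), fragment=True)  # rule 10
    acl.add_rule("deny", None, rule_id=28)                               # rule 28
    acl.add_rule("permit", ("172.16.0.0", "0.0.255.255"))               # rule 30
    return acl


if __name__ == "__main__":
    acl = build_demo_acl()
    for ip, frag in [("10.0.0.1", "none"), ("10.0.0.77", "none"),
                     ("192.168.1.9", "nonfirst"), ("192.168.1.9", "first"),
                     ("172.16.5.5", "none")]:
        print(ip, frag, "->", acl.evaluate(ip, frag))
```

Running the demo shows rule 30 never matching: because auto-numbering always appends after the highest existing ID, a permit added after an explicit deny any is dead, which is worth checking with display acl before relying on a rule's effect.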