2-2
that is active from 12:00 to 14:00 on Wednesdays between January 1, 2004 00:00 and December
31, 2004 23:59, you may use the time-range test 12:00 to 14:00 wednesday from 00:00
01/01/2004 to 23:59 12/31/2004 command.
You may create individual time ranges identified with the same name. They are regarded as one time
range whose active period is the result of ORing periodic ones, ORing absolute ones, and ANDing
periodic and absolute ones.
If you do not specify the start time and date, the time range starts from the earliest time that the system
supports, namely 00:00 01/01/1970. If you do not specify the end time and date, the time range ends at
the latest time that the system supports, namely 24:00 12/31/2100.
Configuring a Basic ACL
Basic ACLs match packets based on only source IP address. They are numbered from 2000 to 2999.
Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command first.
Configuration Procedure
Follow these steps to configure a basic ACL:
To do… Use the command… Remarks
Enter system view
system-view
––
Create a basic ACL and enter
its view
acl number acl-number [ name
acl-name ] [ match-order
{ auto | config } ]
Required
The default match order is
config.
If you specify a name for an
ACL when creating the ACL,
you can use the acl name
acl-name command to enter
the view of the ACL later.
Create or modify a rule
rule [ rule-id ] { deny | permit }
[ fragment | logging | source
{ sour-addr sour-wildcard |
any } | time-range
time-range-name ] *
Required
To create or modify multiple
rules, repeat this step.
The logging keyword takes
effect only when the module
using the ACL supports
logging.
Set the rule numbering step
step step-value
Optional
5 by default
Configure a description for the
basic ACL
description text
Optional
By default, a basic ACL has no
ACL description.
Configure a rule description
rule rule-id comment text
Optional
By default, an ACL rule has no
rule description.
Note that:
To Next Page
Loading...
