Operation Manual – ACL
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration
Huawei Technologies Proprietary
1.6.2 Configuration Procedure
Table 1-11 Define a user-defined ACL rule
Operation                                 Command                             Description
----------------------------------------  ----------------------------------  -----------
Enter system view                         system-view                         —
Create or enter user-defined ACL view     acl number acl-number               Required
Define an ACL rule                        rule [ rule-id ] { permit | deny }  Required
                                          [ rule-string rule-mask offset ]
                                          &<1-8> [ time-range name ]
Define the description for the ACL rule   description text                    Optional
Define a comment string for the ACL rule  rule rule-id comment text           Optional
Display ACL information                   display acl { all | acl-number }    Optional. This command can be executed in any view.
Note:
Take the following into consideration when configuring the offset parameter:
- The packets processed by the switch have VLAN tags. One VLAN tag occupies 4 bytes.
- If VLAN VPN is disabled, the packets processed by the switch carry 4 bytes of VLAN tag.
- If VLAN VPN is enabled, a 4-byte VLAN tag is added to the packets that the switch receives. The packets then have two VLAN tags, whether or not the received packets had a VLAN tag.
When you specify the rule ID by using the rule command, note that:
- You can specify an existing rule ID to modify the corresponding rule. ACEs that are not modified remain unchanged.
- You can create a rule by specifying an ID that identifies no rule.
- You will fail to create a rule if the newly created rule is the same as an existing one.
If you do not specify the rule ID when creating an ACL rule, the system assigns the rule ID of the newly created rule.
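The offset note above, worked through as an added example (not part of the original manual): a Python sketch that models a user-defined rule as a masked byte compare and shows how the offset for the IPv4 protocol byte shifts with the number of VLAN tags. It assumes the offset is counted in bytes from the first byte of the frame, starting at 0, and that the mask is ANDed with both the rule string and the packet bytes; the frames and all function names are constructed for illustration.

```python
import struct

VLAN_TAG_LEN = 4   # from the note: one VLAN tag occupies 4 bytes
TAG_POSITION = 12  # 802.1Q tags sit right after the two 6-byte MAC addresses


def tags_seen_by_switch(vlan_vpn_enabled):
    # Per the note: one tag with VLAN VPN disabled, two tags with it enabled.
    return 2 if vlan_vpn_enabled else 1


def acl_offset(untagged_offset, vlan_vpn_enabled):
    """Offset to configure for a field found at untagged_offset in an untagged frame."""
    if untagged_offset < TAG_POSITION:  # MAC address bytes are not shifted by tags
        return untagged_offset
    return untagged_offset + VLAN_TAG_LEN * tags_seen_by_switch(vlan_vpn_enabled)


def build_frame(ip_proto, vlan_ids):
    """Constructed Ethernet II + IPv4 header with one 802.1Q tag per VLAN ID."""
    macs = bytes.fromhex("00e0fc000001" "00e0fc000002")
    tags = b"".join(struct.pack("!HH", 0x8100, vid) for vid in vlan_ids)
    ipv4 = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, ip_proto]) + bytes(10)
    return macs + tags + struct.pack("!H", 0x0800) + ipv4


def rule_matches(frame, rule_string, rule_mask, offset):
    """Assumed matching model: masked compare of rule_string at offset."""
    window = frame[offset:offset + len(rule_string)]
    if len(window) < len(rule_string):  # rule reaches past the end of the frame
        return False
    return all((f & m) == (s & m)
               for f, s, m in zip(window, rule_string, rule_mask))


if __name__ == "__main__":
    PROTO_UNTAGGED = 14 + 9  # Ethernet header + protocol byte in the IPv4 header
    tcp, mask = b"\x06", b"\xff"
    for vpn in (False, True):
        vlans = [100, 10] if vpn else [10]
        frame = build_frame(6, vlans)
        good = acl_offset(PROTO_UNTAGGED, vpn)
        print(f"VLAN VPN {'on ' if vpn else 'off'}: offset {good} matches TCP:",
              rule_matches(frame, tcp, mask, good))
    # An offset computed for one tag silently misses on a double-tagged frame.
    print("offset 27 on double-tagged frame:",
          rule_matches(build_frame(6, [100, 10]), tcp, mask, 27))
```

A rule whose offset was calculated for single-tagged packets does not raise an error once VLAN VPN is enabled; it simply compares against a different byte, so offsets need to be rechecked whenever the VLAN VPN setting changes.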