HP 6125XLG R2306-HP 6125XLG Blade Switch ACL and QoS Command Reference - Page 23
rule (IPv4 advanced ACL view), Usage guidelines, Examples, Related commands, Syntax
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 23 highlights
source-mac source-address source-mask: Matches a source MAC address range. The source-address argument represents a source MAC address, and the sour-mask argument represents a mask in the H-H-H format. time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the timer range. For more information about time range, see ACL and QoS Configuration Guide. Usage guidelines When an Ethernet frame header ACL is for QoS traffic classification or packet filtering, the lsap-type argument must be AAAA, and the lsap-type-mask argument must be FFFF. Otherwise, the ACL cannot be applied correctly. Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails. You can edit ACL rules only when the match order is config. If no optional keywords are provided for the undo rule command, you delete the entire rule. If optional keywords or arguments are provided, you delete the specified attributes. To view rules in an ACL and their rule IDs, use the display acl all command. Examples # Create a rule in Ethernet frame header ACL 4000 to permit ARP packets and deny RARP packets. system-view [Sysname] acl number 4000 [Sysname-acl-ethernetframe-4000] rule permit type 0806 ffff [Sysname-acl-ethernetframe-4000] rule deny type 8035 ffff Related commands • acl • display acl • step • time-range rule (IPv4 advanced ACL view) Use rule to create or edit an IPv4 advanced ACL rule. Use undo rule to delete an entire IPv4 advanced ACL rule or some attributes in the rule. Syntax rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-wildcard | any } | destination-port operator port1 [ port2 ] | { dscp dscp | { precedence precedence | tos tos } * } | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | source { source-address source-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] * 18