HP 6125XLG R2306-HP 6125XLG Blade Switch ACL and QoS Command Reference - Page 23

rule (IPv4 advanced ACL view), Usage guidelines, Examples, Related commands, Syntax

Get HP 6125XLG PDF manuals and user guides View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals

Page 23 highlights

source-mac source-address source-mask: Matches a source MAC address range. The source-address argument represents a source MAC address, and the sour-mask argument represents a mask in the H-H-H format. time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the timer range. For more information about time range, see ACL and QoS Configuration Guide. Usage guidelines When an Ethernet frame header ACL is for QoS traffic classification or packet filtering, the lsap-type argument must be AAAA, and the lsap-type-mask argument must be FFFF. Otherwise, the ACL cannot be applied correctly. Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails. You can edit ACL rules only when the match order is config. If no optional keywords are provided for the undo rule command, you delete the entire rule. If optional keywords or arguments are provided, you delete the specified attributes. To view rules in an ACL and their rule IDs, use the display acl all command. Examples # Create a rule in Ethernet frame header ACL 4000 to permit ARP packets and deny RARP packets. system-view [Sysname] acl number 4000 [Sysname-acl-ethernetframe-4000] rule permit type 0806 ffff [Sysname-acl-ethernetframe-4000] rule deny type 8035 ffff Related commands • acl • display acl • step • time-range rule (IPv4 advanced ACL view) Use rule to create or edit an IPv4 advanced ACL rule. Use undo rule to delete an entire IPv4 advanced ACL rule or some attributes in the rule. Syntax rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-wildcard | any } | destination-port operator port1 [ port2 ] | { dscp dscp | { precedence precedence | tos tos } * } | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | source { source-address source-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] * 18

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
18
source-mac
source-address
source-mask:
Matches a source MAC address range. The
source-address
argument represents a source MAC address, and the
sour-mask
argument represents a mask in the H-H-H
format.
time-range
time-range-name
: Specifies a time range for the rule. The
time-range-name
argument is a
case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not
configured, the system creates the rule. However, the rule using the time range can take effect only after
you configure the timer range. For more information about time range, see
ACL and QoS Configuration
Guide
.
Usage guidelines
When an Ethernet frame header ACL is for QoS traffic classification or packet filtering, the
lsap-type
argument must be AAAA, and the
lsap-type-mask
argument must be FFFF. Otherwise, the ACL cannot be
applied correctly.
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, your creation or editing
attempt fails.
You can edit ACL rules only when the match order is config. If no optional keywords are provided for the
undo rule
command, you delete the entire rule. If optional keywords or arguments are provided, you
delete the specified attributes.
To view rules in an ACL and their rule IDs, use the
display acl all
command.
Examples
# Create a rule in Ethernet frame header ACL 4000 to permit ARP packets and deny RARP packets.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule permit type 0806 ffff
[Sysname-acl-ethernetframe-4000] rule deny type 8035 ffff
Related commands
acl
display
acl
step
time-range
rule (IPv4 advanced ACL view)
Use
rule
to create or edit an IPv4 advanced ACL rule.
Use
undo
rule
to delete an entire IPv4 advanced ACL rule or some attributes in the rule.
Syntax
rule
[
rule-id
] {
deny
|
permit
}
protocol
[ { {
ack
ack-value
|
fin
fin-value
|
psh
psh-value
|
rst
rst-value
|
syn
syn-value
|
urg
urg-value
} * |
established
} |
counting
|
destination
{
dest-address
dest-wildcard
|
any
} |
destination-port
operator
port1
[
port2
] | {
dscp
dscp
| {
precedence
precedence
|
tos
tos
}
* } |
fragment
|
icmp-type
{
icmp-type
[
icmp-code
] |
icmp-message
} |
logging
|
source
{
source-address
source-wildcard
|
any
} |
source-port
operator
port1
[
port2
] |
time-range
time-range-name
|
vpn-instance
vpn-instance-name
] *