HP 6125XLG R2306-HP 6125XLG Blade Switch ACL and QoS Command Reference - Page 28
rule (IPv4 basic ACL view), Related commands, Syntax, Default, Views, Predefined user roles
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 28 highlights
Related commands • acl • acl logging interval • display acl • step • time-range rule (IPv4 basic ACL view) Use rule to create or edit an IPv4 basic ACL rule. Use undo rule to delete an entire IPv4 basic ACL rule or some attributes in the rule. Syntax rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source { source-address source-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] * undo rule rule-id [ counting | fragment | logging | source | time-range | vpn-instance ] * Default An IPv4 basic ACL does not contain any rule. Views IPv4 basic ACL view Predefined user roles network-admin Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass. counting: Counts the number of times the IPv4 basic ACL rule has been matched. The counting keyword enables match counting specific to rules, and the hardware-count keyword in the packet-filter command enables match counting for all rules in an ACL. If the counting keyword is not specified, matches for the rule are not counted. fragment: Applies the rule only to non-first fragments. A rule without this keyword applies to both fragments and non-fragments. logging: Logs matching packets. This function is available only when the application module (for example, packet filtering) that uses the ACL supports the logging function. source { source-address source-wildcard | any }: Matches a source address. The source-address source-wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation. A wildcard mask of zeros specifies a host address. The any keyword represents any source IP address. time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not 23