HP 6125XLG R2306-HP 6125XLG Blade Switch ACL and QoS Command Reference - Page 28


Related commands
  • acl
  • acl logging interval
  • display acl
  • step
  • time-range

rule (IPv4 basic ACL view)

Use rule to create or edit an IPv4 basic ACL rule.
Use undo rule to delete an entire IPv4 basic ACL rule or some attributes in the rule.

Syntax
rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source { source-address source-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *
undo rule rule-id [ counting | fragment | logging | source | time-range | vpn-instance ] *

Default
An IPv4 basic ACL does not contain any rule.

Views
IPv4 basic ACL view

Predefined user roles
network-admin

Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.

deny: Denies matching packets.

permit: Allows matching packets to pass.

counting: Counts the number of times the IPv4 basic ACL rule has been matched. The counting keyword enables match counting specific to rules, and the hardware-count keyword in the packet-filter command enables match counting for all rules in an ACL. If the counting keyword is not specified, matches for the rule are not counted.

fragment: Applies the rule only to non-first fragments. A rule without this keyword applies to both fragments and non-fragments.

logging: Logs matching packets. This function is available only when the application module (for example, packet filtering) that uses the ACL supports the logging function.

source { source-address source-wildcard | any }: Matches a source address. The source-address source-wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation. A wildcard mask of zeros specifies a host address. The any keyword represents any source IP address.

time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not
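Added example (not part of the HP reference): a Python model of the rule-ID auto-numbering and source/wildcard matching described above, useful for reviewing a basic ACL offline. It assumes that 1 bits in the wildcard are ignored, that rules are tried in ascending rule-ID order, and that a rule with no source keyword matches any source; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def next_rule_id(existing_ids, step=5):
    """ID the page says is auto-assigned when rule-id is omitted."""
    if not existing_ids:
        return 0  # numbering starts from 0
    return (max(existing_ids) // step + 1) * step

def parse_rule(line):
    """Parse: rule [id] {deny|permit} [source {addr wildcard | any}] ..."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "rule":
        raise ValueError("not a rule line: %r" % line)
    rule_id = int(tok[1]) if tok[1].isdigit() else None
    rest = tok[1:] if rule_id is None else tok[2:]
    if not rest or rest[0] not in ("deny", "permit"):
        raise ValueError("missing deny/permit: %r" % line)
    addr, wild = 0, 0xFFFFFFFF  # assumption: no source keyword = any source
    if "source" in rest and rest[rest.index("source") + 1] != "any":
        j = rest.index("source")
        addr = int(ipaddress.IPv4Address(rest[j + 1]))
        wild = int(ipaddress.IPv4Address(rest[j + 2]))
    return {"id": rule_id, "action": rest[0], "addr": addr, "wild": wild}

def load(lines, step=5):
    """Parse rule lines in order, numbering those entered without an ID."""
    rules = []
    for line in lines:
        rule = parse_rule(line)
        if rule["id"] is None:
            rule["id"] = next_rule_id([r["id"] for r in rules], step)
        rules.append(rule)
    return rules

def first_match(rules, source_ip):
    """Assumption: rules are tried in ascending rule-ID order."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for rule in sorted(rules, key=lambda r: r["id"]):
        care = ~rule["wild"] & 0xFFFFFFFF  # wildcard 1-bits are ignored
        if ip & care == rule["addr"] & care:
            return rule["id"], rule["action"]
    return None  # outcome then depends on the module using the ACL

# Constructed sample rules; addresses are illustrative only.
SAMPLE = load([
    "rule 0 permit source 10.1.1.5 0.0.0.0",
    "rule 28 deny source 10.1.1.0 0.0.0.255 logging",
    "rule permit source 10.2.0.0 255.255.0.0",  # netmask typed as wildcard
])
```

The third sample rule is numbered 30, as in the page's step-5 example. Because 255.255.0.0 was typed as if it were a subnet mask, under these semantics it matches 192.168.0.0 but not 10.2.3.4, which is the kind of mistake worth checking for before an ACL is applied.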

