Brief Introduction to ACL
Table 131 Defining the User-defined ACL
rule-string is a character string defined by the user. It is a hexadecimal
string with an even number of digits.
rule-mask and offset are used to extract information from the packet. rule-mask
is the rule mask: it is logically ANDed, byte by byte, with the corresponding
bytes of the data packet. offset determines the start location of the rule-mask
in the packet.
Together, rule-mask and offset extract a character string from the packet, which
is compared with the user-defined rule-string to identify and process the
matched packets.
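
The masked comparison described above, as an added example in Python (not code from the Switch or its manual). It assumes that offset counts bytes from the start of the frame, that rule-mask is as long as rule-string, that every triple of a rule must match, and that rules are tried in configuration order; the frames are constructed samples.

```python
from typing import NamedTuple, Optional

class Field(NamedTuple):
    rule_string: bytes   # value the extracted bytes are compared with
    rule_mask: bytes     # ANDed byte by byte with the packet
    offset: int          # start of the mask in the packet (assumed: from byte 0)

def parse_field(rule_string: str, rule_mask: str, offset: int) -> Field:
    """Validate one 'rule_string rule_mask offset' triple given as hex text."""
    if len(rule_string) == 0 or len(rule_string) % 2:
        raise ValueError("rule-string needs an even number of hex digits")
    if len(rule_mask) != len(rule_string):
        raise ValueError("rule-mask must be as long as rule-string (assumed)")
    if offset < 0:
        raise ValueError("offset must not be negative")
    return Field(bytes.fromhex(rule_string), bytes.fromhex(rule_mask), offset)

def field_matches(packet: bytes, f: Field) -> bool:
    window = packet[f.offset:f.offset + len(f.rule_mask)]
    if len(window) < len(f.rule_mask):      # packet ends before the field does
        return False
    extracted = bytes(p & m for p, m in zip(window, f.rule_mask))
    return extracted == f.rule_string       # literal reading of the text above

def classify(packet: bytes, rules) -> Optional[str]:
    """rules: list of (action, [Field, ...]) in configuration order (assumed)."""
    for action, fields in rules:
        if not 1 <= len(fields) <= 8:       # &<1-8> in the rule syntax
            raise ValueError("a rule takes 1 to 8 triples")
        if all(field_matches(packet, f) for f in fields):
            return action
    return None                             # no rule matched

# Constructed sample frames: dst MAC, src MAC, EtherType, start of payload.
ARP_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0806" "0001080006040001")
IP_FRAME = bytes.fromhex("00aabbccddee" "001122334455" "0800" "4500001c")

RULES = [
    ("deny", [parse_field("0806", "ffff", 12)]),      # EtherType ARP
    ("permit", [parse_field("0800", "ffff", 12),      # EtherType IPv4 ...
                parse_field("40", "f0", 14)]),        # ... and IP version nibble 4
]
```

Under this reading, a rule-string with bits set outside its rule-mask (for example 45 under mask f0) can never match, because the extracted bytes are already masked before the comparison.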
Activating ACL
A defined ACL takes effect only after it has been activated globally on the
Switch. Activation makes the hardware of the Switch use the ACL to filter or
classify the data it transmits.
You can use the following command to activate the defined ACL.
Perform the following configuration in Ethernet Port View.
Table 132 Activate ACL
Displaying and Debugging ACL
After the above configuration, execute the display command in any view to show
the running ACL configuration and to verify the effect of the configuration.
Execute the reset command in User View to clear the statistics of the ACL module.
Table 133 Display and Debug ACL
Operation                                                      Command
Enter user-defined ACL view (from System View)                 acl number acl_number [ match-order { config | auto } ]
Add a sub-item to the ACL (from User-defined ACL View)         rule [ rule_id ] { permit | deny } { rule_string rule_mask offset }&<1-8> ]
Delete a sub-item from the ACL (from User-defined ACL View)    undo rule rule_id
Delete one ACL or all the ACL (from System View)               undo acl { number acl_number | all }
Operation            Command
Activate an ACL      packet-filter { inbound | outbound } { user-group acl_number [ rule rule ] | ip-group acl_number [ rule rule [ link-group acl_number rule rule ] ] | link-group acl_number [ rule rule ] }
Deactivate an ACL    undo packet-filter { inbound | outbound } { user-group acl_number [ rule rule ] | ip-group acl_number [ rule rule [ link-group acl_number rule rule ] ] | link-group acl_number [ rule rule ] }
Operation                                              Command
Display the detail information about the ACL           display acl { all | acl_number }
Display the information about the ACL running state    display packet-filter { interface { interface_name | interface_type interface_num } | unitid unit_id }
Clear ACL counters                                     reset acl counter { all | acl_number }