Rule (Ipv4 Advanced Acl View) - HP A-U200 Command Reference Manual

Unified threat management products

[Sysname-acl-ethernetframe-4000] rule permit type 0806 ffff
[Sysname-acl-ethernetframe-4000] rule deny type 8035 ffff

rule (IPv4 advanced ACL view)

Syntax
rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * } | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] *
undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * } | destination | destination-port | dscp | fragment | icmp-type | logging | precedence | reflective | source | source-port | time-range | tos | vpn-instance ] *
View
IPv4 advanced ACL view
Default level
2: System level
Parameters
rule-id: Specifies a rule ID, in the range of 0 to 65534. If no rule ID is provided when you create an ACL
rule, the system automatically assigns it a rule ID. The assigned ID is the nearest multiple of the
numbering step that is higher than the current highest rule ID, starting from 0. For example, if the rule
numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
protocol: Protocol carried by IPv4. It can be a number in the range of 0 to 255, or in words, gre (47),
icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp (17).
Table 3 describes the parameters that you can specify regardless of the value that the protocol argument takes.

Table 3 Match criteria and other rule information for IPv4 advanced ACL rules

Parameters: source { sour-addr sour-wildcard | any }
Function: Specifies a source address
Description: The sour-addr sour-wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation. An all-zero wildcard specifies a host address. The any keyword specifies any source IP address.

Parameters: destination { dest-addr dest-wildcard | any }
Function: Specifies a destination address
Description: The dest-addr dest-wildcard arguments represent a destination IP address and wildcard mask in dotted decimal notation. An all-zero wildcard specifies a host address. The any keyword represents any destination IP address.

Parameters: precedence precedence
Function: Specifies an IP precedence value
Description: The precedence argument can be a number in the range of 0 to 7, or in words, routine (0), priority (1), immediate (2), flash (3), flash-override (4), critical (5), internet (6), or network (7).

Parameters: tos tos
Function: Specifies a ToS preference
Description: The tos argument can be a number in the range of 0 to 15, or in words, max-reliability (2), max-throughput (4), min-delay (8), min-monetary-cost (1), or normal (0).
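
The wildcard-mask and automatic rule-ID behaviour described above, as an added Python example that is not part of the HP manual: it matches an address against a rule's address and wildcard pair, flags a wildcard that was probably typed as a subnet mask, and computes the automatically assigned rule ID. The function names and sample rules are constructed for illustration; treating a 1 bit in the wildcard as "ignore this bit" is the usual wildcard-mask convention and is assumed here, as is returning 0 for an empty ACL (a reading of "starting from 0").

```python
import ipaddress

def _bits(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_matches(packet_ip, rule_addr, wildcard):
    """A 0 bit in the wildcard must match; a 1 bit is ignored (assumed convention)."""
    care = ~_bits(wildcard) & 0xFFFFFFFF
    return (_bits(packet_ip) & care) == (_bits(rule_addr) & care)

def looks_like_netmask(wildcard):
    """True for values such as 255.255.255.0 (1 bits first, then 0 bits).

    Used as a wildcard, such a value ignores the network bits and compares
    only the host bits, so the rule matches addresses in every network.
    """
    w = _bits(wildcard)
    inverted = ~w & 0xFFFFFFFF
    return w not in (0, 0xFFFFFFFF) and (inverted & (inverted + 1)) == 0

def audit_rule(line):
    """Return (keyword, wildcard) pairs in one rule line that look like subnet masks."""
    tokens = line.split()
    flagged = []
    for i, tok in enumerate(tokens[:-2]):
        if tok in ("source", "destination") and tokens[i + 1] != "any":
            if looks_like_netmask(tokens[i + 2]):
                flagged.append((tok, tokens[i + 2]))
    return flagged

def next_rule_id(existing_ids, step):
    """Nearest multiple of step above the highest existing ID (0 if none, assumed)."""
    if not existing_ids:
        return 0
    new_id = (max(existing_ids) // step + 1) * step
    if new_id > 65534:
        raise ValueError("no rule ID left in the range 0 to 65534")
    return new_id

# Constructed sample rules using documentation address ranges.
SAMPLE_RULES = [
    "rule 0 permit tcp source 192.0.2.0 0.0.0.255 destination 198.51.100.10 0.0.0.0",
    "rule 5 deny ip source 203.0.113.0 255.255.255.0 destination any",
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule, "->", audit_rule(rule) or "ok")
    print("next rule ID:", next_rule_id([0, 5, 28], 5))
```

The second sample rule is flagged because its wildcard compares only the last octet, so it matches any address ending in .0 rather than the 203.0.113.0/24 network.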
