Configuration example – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – ACL

H3C S3100-52P Ethernet Switch

Chapter 1 ACL Configuration

Name                   ICMP type   ICMP code
protocol-unreachable   Type=3      Code=2
reassembly-timeout     Type=11     Code=1
source-quench          Type=4      Code=0
source-route-failed    Type=3      Code=5
timestamp-reply        Type=14     Code=0
timestamp-request      Type=13     Code=0
ttl-exceeded           Type=11     Code=0


When you define an ACL rule using the rule command with the rule-id argument
provided:

- If the ACL rule identified by the rule-id argument already exists, the settings
  specified in the rule command overwrite the corresponding settings of the existing
  rule. Settings of the existing rule that are not specified in the command remain
  unchanged.

- If the ACL rule identified by the rule-id argument does not exist, a new rule is
  created.

- The content of a modified or created rule cannot be identical to the content of
  any existing rule; otherwise the rule modification or creation fails, and the
  system prompts that the rule already exists.

If you do not specify the rule-id argument when creating an ACL rule, the rule will be
numbered automatically.

1.4.3 Configuration Example

# Configure ACL 3000 to permit the packets sourced from the network 129.9.0.0 and
destined for the network 202.38.160.0 and with the destination port number being 80.

<H3C> system-view
[H3C] acl number 3000
[H3C-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
[H3C-acl-adv-3000] display acl 3000
Advanced ACL 3000, 1 rule
Acl's step is 1
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www
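
The rule from the example above, checked against a few packets. This is an added illustration, not part of the H3C manual. A 0 bit in the wildcard mask means the address bit must match; a 1 bit means it is ignored. The function names, the parser (which covers only the syntax shown on this page) and the sample packets are constructed for this example; a result of None means no rule matched, and what the switch then does with the packet is not modelled.

```python
import ipaddress

PORT_NAMES = {"www": 80}  # "display acl" on this page prints port 80 as "www"

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a, b = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def parse_rule(text):
    """Parse only the advanced-ACL rule syntax used in this page's example."""
    tok = text.split()
    while tok[0] == "rule" or tok[0].isdigit():  # drop keyword and optional rule-id
        tok = tok[1:]
    rule = {"action": tok[0], "protocol": tok[1]}
    i = 2
    while i < len(tok):
        if tok[i] in ("source", "destination"):
            rule[tok[i]] = (tok[i + 1], tok[i + 2])  # (address, wildcard)
        elif tok[i:i + 2] == ["destination-port", "eq"]:
            port = tok[i + 2]
            rule["dport"] = PORT_NAMES[port] if port in PORT_NAMES else int(port)
        else:
            raise ValueError("unsupported token: " + tok[i])
        i += 3
    return rule

def rule_matches(rule, pkt):
    """Every field the rule specifies must match; unspecified fields match anything."""
    if rule["protocol"] != pkt["protocol"]:
        return False
    for side, key in (("source", "src"), ("destination", "dst")):
        if side in rule and not wildcard_match(pkt[key], *rule[side]):
            return False
    return "dport" not in rule or rule["dport"] == pkt["dport"]

def evaluate(rules, pkt):
    """Return the action of the first matching rule, or None if none match."""
    return next((r["action"] for r in rules if rule_matches(r, pkt)), None)

# Rule text exactly as shown by "display acl 3000" above.
ACL_3000 = [parse_rule("rule 0 permit tcp source 129.9.0.0 0.0.255.255 "
                       "destination 202.38.160.0 0.0.0.255 destination-port eq www")]

if __name__ == "__main__":
    for src, dst, dport in [("129.9.200.7", "202.38.160.20", 80),   # constructed packets
                            ("129.10.0.1", "202.38.160.20", 80)]:
        pkt = {"protocol": "tcp", "src": src, "dst": dst, "dport": dport}
        print(src, dst, dport, evaluate(ACL_3000, pkt))
```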
