1 configuration preparation, 2 configuration procedure – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – ACL

H3C S3100-52P Ethernet Switch

Chapter 1 ACL Configuration

1-15

1.6.1 Configuration Preparation

To configure a time range-based user-defined ACL rule, you need to define the
corresponding time ranges first. For information about time range configuration, refer to
section 1.2 “Time Range Configuration”.

1.6.2 Configuration Procedure

Table 1-14

Define a user-defined ACL rule

Operation

Command

Description

Enter system view

system-view

—

Create a user-defined ACL

or enter user-defined ACL

view

acl number

acl-number

Required

Define an ACL rule

rule

[ rule-id ] { permit |

deny

} [ rule-string

rule-mask

offset ] &<1-8>

[ time-range name ]

Required

Assign a description string to

the ACL

description

text

Optional

Assign a description string to

the ACL rule

rule

rule-id comment text Optional

Display the information

about an ACL or all the ACLs

display

acl { all |

acl-number

}

Optional
This command can be

executed in any view.

Note:

The bytes in packet headers and to be compared with the specified string are
determined by the offset from the beginning of the packet headers. You can specify the
offset through the offset argument when executing the rule command. Note the
following when you specify the offset.

z

Each packet that is processed by a switch internally carries a VLAN tag. A VLAN tag
is four bytes in size.

z

A switch with the VLAN VPN function enabled inserts a VLAN tag to each packet it
processes no matter whether or not the packet already carries a VLAN tag before
being processed. Each packet carries two VLAN tags after being processed by a
switch of this type.

When you define an ACL rule using the rule command with the rule-id argument
provided,