3Com Router 5000 Family and Router 6000 Family Command Reference Guide
rule
Purpose Use the rule command to add a rule in the current ACL view.
Use the undo rule command to delete a rule.
Syntax 1) Create or delete a rule of a basic access control list.
rule [ rule-id ] { permit | deny | comment text } source [ sour-addr sour-wildcard | any ] [ time-range time-name ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]
undo rule rule-id [ comment text ] [ source ] [ time-range ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]
2) Create or delete a rule of an advanced access control list.
rule [ rule-id ] { permit | deny | comment text } protocol source [ sour-addr sour-wildcard | any ] destination [ dest-addr wildcard | any ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type { icmp-message | icmp-type icmp-code } ] [ dscp dscp ] [ established ] [ reflect acl-number [ timeout time ] ] [ precedence precedence ] [ tos tos ] [ time-range time-name ] [ logging ] [ fragment ] [ vpn-instance ]
undo rule rule-id [ comment text ] [ source ] [ destination ] [ source-port ] [ destination-port ] [ icmp-type ] [ dscp ] [ precedence ] [ tos ] [ time-range ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]
3) Create or delete a rule of an interface-based ACL.
rule [ rule-id ] { permit | deny | comment text } interface { interface-type interface-number | any } [ time-range time-name ] [ logging ]
undo rule rule-id [ comment text ] [ time-range | logging ] *
4) Add or delete a MAC-based ACL rule.
rule [ rule-id ] { deny | permit | comment text } [ type type-code type-mask | lsap lsap-code lsap-mask ] [ source-mac sour-addr sour-mask ] [ dest-mac dest-addr dest-mask ]
undo rule rule-id [ comment text ]
Parameters In the rule command
rule-id
ID of an ACL rule, optional, ranging from 0 to 65534. If you specify a rule-id and an ACL rule with that ID already exists, the newly defined rule overwrites the existing rule, just as if you were editing the existing ACL rule. If the rule-id you specify does not exist, a new rule with the specified rule-id is created. If you do not specify a rule-id, a new rule is created and the system assigns a rule-id to it automatically.
deny
Discards matched packets.
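
Because re-entering an existing rule-id replaces that rule, as described under rule-id above, a planned change can be replayed offline to show which rules it would overwrite. The following Python is an added example, not part of the 3Com documentation; replay_rules, the finding names and the sample lines are constructed for illustration, and it assumes that undo rule with no trailing options removes the whole rule.

```python
RULE_ID_MAX = 65534  # rule-id range given on the page: 0 to 65534

def replay_rules(commands):
    """Replay rule / undo rule lines entered in one ACL view, in order.
    Returns (table, findings): final rule text per explicit rule-id, plus
    (line_no, kind, detail) tuples for a reviewer."""
    table, findings = {}, []
    for line_no, line in enumerate(commands, 1):
        tok = line.split()
        if tok[:2] == ["undo", "rule"] and len(tok) >= 3 and tok[2].isdigit():
            rid = int(tok[2])
            if len(tok) > 3:
                # Assumption: undo with trailing options is not modelled here.
                findings.append((line_no, "unmodelled-undo", line))
            elif table.pop(rid, None) is None:
                findings.append((line_no, "undo-missing", f"rule {rid} not defined"))
            continue
        if not tok or tok[0] != "rule":
            findings.append((line_no, "not-a-rule", line))
            continue
        if len(tok) > 1 and tok[1].isdigit():
            rid, body = int(tok[1]), " ".join(tok[2:])
        else:
            # No rule-id: the device assigns one; the page does not say how,
            # so such rules are reported but not placed in the table.
            findings.append((line_no, "auto-id", " ".join(tok[1:])))
            continue
        if rid > RULE_ID_MAX:
            findings.append((line_no, "id-out-of-range", str(rid)))
            continue
        if rid in table and table[rid] != body:
            # Existing rule-id: the new definition replaces the old one.
            findings.append((line_no, "overwrite", f"rule {rid}: '{table[rid]}' -> '{body}'"))
        table[rid] = body
    return table, findings

# Constructed sample session (documentation address ranges, not from the page).
SAMPLE = [
    "rule 10 deny source 192.0.2.0 0.0.0.255",
    "rule 20 permit source any",
    "rule 10 permit source any",  # reuses rule-id 10
    "rule deny source 198.51.100.7 0.0.0.0",
    "undo rule 20",
    "rule 70000 deny source any",
]

if __name__ == "__main__":
    print(replay_rules(SAMPLE))
```

In the sample, the third line turns the deny at rule 10 into a permit, which is the kind of change the overwrite finding is meant to surface before the commands reach the router.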