User's Manual

Table Of Contents
Configuration Guide of XGS-5240-Series
46-3
[window7 <value> <mask>] [window8 <v
alue> <mask>]
no userdefined-access-list <num>
3. Bind the userdefined acl rule to the port
Command
Explanation
Port Mode
[no] userdefined access-group {<name>|
<num>} {in} [traffic-statistic]
Apply userdefined-access-list to one directi
on of the port. Decide whether the statisti
cal counter should be added to the ACL a
ccording to the options. The no command
deletes the configuration bound to the po
rt.
4. Bind the userdefined acl rule to the vlan
Command
Explanation
Global Mode
[no] vacl userdefined access-group <nu
m> in [traffic-statistic] vlan <vlan-id>
Apply userdefined-access-list to one directi
on of the vlan. Decide whether the statisti
cal counter should be added to the ACL a
ccording to the options. The no command
deletes the configuration bound to the vla
n.
46.3 Self-defined ACL Example
Scenario 1:
The user has the following configuration requirement: The packet whose first and s
econd byte is 0x0003 is not allowed forwarding on port 1 of the switch.
Configuration description:
1. Create a self-defined ACL template according to condition
2. Create a corresponding self-defined ACL
3. Bind the self-defined ACL to the port
The configuration steps are listed below:
Switch(config)#userdefined-access-list standard offset window1 0
Switch(config)#userdefined-access-list standard 1200 deny window1 0003 FFFF
Switch(config)#
Switch(config)#firewall enable