No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
rule (basic ACL view)

rule (basic ACL view)

Function

The rule command adds or modifies a basic ACL rule.

The undo rule command deletes a basic ACL rule.

By default, no rule is configured for a basic ACL.

Format

rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | fragment | time-range time-name ] *

undo rule rule-id [ source | time-range | fragment ] *

Parameters

Parameter

Description

Value

rule-id

Specifies the ID of an ACL rule.
  • If the specified rule ID has been created, the new rule is added to the rule with this ID, that is, the old rule is modified. If the specified rule ID does not exist, the device creates a rule and determines the position of the rule according to the ID.
  • If the rule ID is not specified, the device allocates an ID to the new rule. The rule IDs are sorted in ascending order. The device automatically allocates IDs according to the step. The step value is set by using the step command.
NOTE:

ACL rule IDs assigned automatically by the device starts from the step value. The default step value is 5. With this step, the device creates ACL rules with IDs being 5, 10, 15, and so on.

The value is an integer that ranges from 0 to 4294967294.

deny

Denies the packets that match the rule.

-

permit

Permits the packets that match a rule.

-

source { source-address source-wildcard | any }
Indicates the source IP address of packets that match an ACL rule. If this parameter is not specified, packets with any source IP address are matched.
  • source-address: specifies the source IP address of packets.
  • source-wildcard: specifies the wildcard mask of the source IP address.
  • any: indicates any source IP address of packets. That is, the value of source-address is 0.0.0.0 or the value of source-wildcard is 255.255.255.255.

source-address: The value is in dotted decimal notation.

source-wildcard: The value is in dotted decimal notation. The wildcard mask of the source IP address can be 0, equivalent to 0.0.0.0, indicating that the source IP address is the host address.

NOTE:
The wildcard is in dotted decimal format. After the value is converted to a binary number, the value 0 indicates that the IP address needs to be matched and the value 1 indicates that the IP address does not need to be matched. The values 1 and 0 can be discontinuous. For example, the IP address 192.168.1.169 and the wildcard 0.0.0.172 represent the website 192.168.1.x0x0xx01. The value x can be 0 or 1.

time-range time-name

Specifies the name of a time range during which ACL rules take effect.

If this parameter is not specified, ACL rules take effect at any time.

NOTE:

When you specify the time-range parameter to reference a time range to the ACL, if the specified time-name does not exit, the ACL does not take effect.

The value is a string of 1 to 32 characters.

fragment

Indicates that the rule is valid for all fragments. If this parameter is specified, the rule is valid for all fragments.

-

Views

Basic ACL view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A basic ACL matches packets based on information such as source IP addresses, fragment flags, and time ranges.

The rule command defines the time range and flexibly configures the time ACL rules take effect.

Prerequisites

An ACL has been created before the rule is configured.

Precautions

If the specified rule ID already exists and the new rule conflicts with the original rule, the new rule replaces the original rule.

To modify an existing rule, delete the old rule, and then create a rule. Otherwise, the configuration result may be incorrect.

When you use the undo rule command to delete an ACL rule, the rule ID must exist. If the rule ID is unknown, you can use the display acl command to view the rule ID.

The undo rule command deletes an ACL rule even if the ACL rule is referenced. Exercise caution when you run the undo rule command.

Example

# Add a rule in ACL 2001 to permit the packets from 192.168.32.1.

<Huawei> system-view 
[Huawei] acl 2001 
[Huawei-acl-basic-2001] rule permit source 192.168.32.1 0

# Delete rule 5 from ACL 2001.

<Huawei> system-view 
[Huawei] acl 2001 
[Huawei-acl-basic-2001] undo rule 5
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 201813

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next