3 configuration example, 7 displaying acl configuration, 3 configuration example -16 – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – ACL

H3C S3100-52P Ethernet Switch

Chapter 1 ACL Configuration

1-16

z

If the ACL rule identified by the rule-id argument already exists, the settings
specified in the rule command overwrite the corresponding settings of the existing
rule. And the existing settings remain unchanged if the corresponding settings are
not specified in the command.

z

If the ACL rule identified by the rule-id argument does not exist, you will create a
new rule.

z

The content of a modified or created rule cannot be identical with the content of
any existing rules; otherwise the rule modification or creation will fail, and the
system prompts that the rule already exists.

If you do not specify the rule-id argument when creating an ACL rule, the rule will be
numbered automatically.

1.6.3 Configuration Example

# Configure ACL 5001 to deny all the TCP packets. The ACL is active from 18:00 to
23:00 on each Saturday.

system-view

[H3C] time-range t1 18:00 to 23:00 sat

[H3C] acl number 5001

[H3C-acl-user-5001] rule 25 deny 06 ff 35 time-range t1

[H3C-acl-user-5001] display acl 5001

User defined ACL 5001, 1 rules

Acl's step is 1

rule 25 deny 06 ff 35 time-range t1 (Inactive)

1.7 Displaying ACL Configuration

After the above configuration, you can execute the display commands in any view to
view the ACL running information, so as to verify the configuration.

Table 1-15

Display ACL configuration

Operation

Command

Description

Display a configured ACL

or all the ACLs

display

acl { all | acl-number }

Display a time range or all

the time ranges

display

time-range { all |

time-name

}

These commands

can be executed in

any view.