Delete ACL rules on S series switches


Run the undo rule <rule-id> command in the ACL view on an S series switch (except the S1700 switch) to delete a specified rule from an ACL.
For example, delete rule 10 from ACL 3001 as follows:
[HUAWEI]acl 3001
[HUAWEI-acl-adv-3001]display this
#
acl number 3001
 rule 10 permit gre
 rule 15 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
 rule 20 deny ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
#
return
[HUAWEI-acl-adv-3001]undo rule 10
[HUAWEI-acl-adv-3001]display this
#
acl number 3001
 rule 15 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
 rule 20 deny ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
#
return
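
The effect of undo rule 10 on matching, as an added example (not from the original page or from Huawei): the Python code below parses the ACL 3001 output shown above and returns the first rule that matches a packet, before and after the deletion. It assumes that configuration-order matching means ascending rule ID and that protocol ip covers every IP protocol; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import re

# ACL 3001 as shown by "display this" on the page, before "undo rule 10".
ACL_3001 = """\
acl number 3001
 rule 10 permit gre
 rule 15 deny ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
 rule 20 deny ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
"""

RULE_RE = re.compile(
    r"^\s*rule (?P<id>\d+) (?P<action>permit|deny) (?P<proto>\S+)"
    r"(?: source (?P<src>\S+) (?P<swild>\S+))?"
    r"(?: destination (?P<dst>\S+) (?P<dwild>\S+))?\s*$")

def parse_rules(text):
    """Return {rule_id: fields} for each rule line in the ACL text."""
    matches = (RULE_RE.match(line) for line in text.splitlines())
    return {int(m["id"]): m.groupdict() for m in matches if m}

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    if base is None:  # rule has no source/destination clause: any address
        return True
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def first_match(rules, proto, src, dst):
    """Assumed config order: the lowest matching rule ID decides; None if nothing matches."""
    for rule_id in sorted(rules):
        r = rules[rule_id]
        if (r["proto"] in ("ip", proto)
                and wildcard_match(src, r["src"], r["swild"])
                and wildcard_match(dst, r["dst"], r["dwild"])):
            return rule_id, r["action"]
    return None

def undo_rule(rules, rule_id):
    """Model of "undo rule <rule-id>": the same ACL without that rule."""
    return {k: v for k, v in rules.items() if k != rule_id}

if __name__ == "__main__":
    before = parse_rules(ACL_3001)
    pkt = ("gre", "10.1.1.5", "10.1.2.9")  # constructed sample packet
    print(first_match(before, *pkt), first_match(undo_rule(before, 10), *pkt))
```

For a GRE packet from 10.1.1.5 to 10.1.2.9, the deciding rule changes from rule 10 (permit) to rule 15 (deny) once rule 10 is removed; a packet that no remaining rule matches returns None, and its handling is left to the service module that applies the ACL.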

Other related questions:
Mechanism for ACL rules on S series switches to take effect
ACL rules on S series switches take effect in one of two modes. In the first mode, an ACL is bound to a traffic policy and delivered to the hardware of the LPU. The second mode is software processing, for example, an ACL that prevents users from logging in through Telnet: after packets are sent to the CPU, they are processed in the sequence specified when the ACL was configured. Rules in an ACL can be matched according to the depth-first principle or the configuration order.

Check the number of times an ACL rule matches packets on an S series switch
Run the display acl { <acl-number> | name <acl-name> | all } command on an S series switch (except the S1700 switch) to check the configuration of an ACL.
In the command output, the match-counter field displays the number of times the ACL matches packets. To view the number of times a software-based ACL rule matches packets, run the display acl command. To view the number of times a hardware-based ACL rule matches packets, use other methods. For example, to view the number of times an ACL rule matches packets after a traffic policy is applied, run the statistic enable command in the traffic behavior view to enable traffic statistics collection in the traffic behavior, and then run the display traffic policy statistics command.

ACL configuration on S series switch
An ACL filters packets based on rules. A switch with an ACL configured matches packets against the rules to identify packets of a certain type, and then forwards or discards these packets according to the policies of the service module to which the ACL is applied. S series switches support basic ACL (2000-2999), advanced ACL (3000-3999), Layer 2 ACL (4000-4999), user-defined ACL (5000-5999), user ACL (6000-9999), basic ACL6 (2000-2999), and advanced ACL6 (3000-3999). For more information about the ACL feature supported by S series switches (except the S1700), see the S1720&S2700&S3700&S5700&S6700&S7700&S9700 Common Operation Guide or the S1720&S2700&S3700&S5700&S6700&S7700&S9700 Typical Configuration Examples.

Can S series switches deliver ACL rules at Layer 2 and Layer 3 simultaneously
You can match the fields of ACL rules at Layer 2 and Layer 3 in the classifier at the same time. After the configuration, an S series switch can deliver ACL rules at Layer 2 and Layer 3 simultaneously.

Can S series switches implement rate limitation using Layer 2 ACL rules
S series switches can implement rate limitation on traffic using Layer 2 ACL rules. For example, set the maximum bandwidth for the traffic of which the source and destination MAC addresses are 0000-0000-0002 and 0000-0000-0001, respectively, to 4 Mbit/s.
[HUAWEI] acl 4000
[HUAWEI-acl-L2-4000] rule permit destination-mac 0000-0000-0001 source-mac 0000-0000-0002
[HUAWEI-acl-L2-4000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 4000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] car cir 4096
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound
