3Com Router 3000 Ethernet Family Configuration Guide
Chapter 5 ACL Configuration
3Com Corporation

5.1.5 Basic ACL

A basic ACL can use only source address information as the element for defining an ACL rule. A basic ACL can be created, and basic ACL view entered, with the above-mentioned ACL command. In basic ACL view, the rules of the basic ACL can be created.

The following command can be used to define a basic ACL rule:

rule [ rule-id ] { permit | deny | comment text } [ source sour-addr sour-wildcard | any ] [ time-range time-name ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]

Parameter description:

- rule-id: Optional parameter, the number of the ACL rule, ranging from 0 to 65534. If a number is specified and an ACL rule with that number already exists, the newly defined rule may be used to overwrite the old definition, just as when editing an existing ACL rule. If no ACL rule with that number exists, a new rule is created with the specified number. If no number is specified, a new rule is added; in this case the system automatically assigns a number to the ACL rule and adds the new rule.
- permit: Permit qualified data packets.
- deny: Discard qualified data packets.
- comment text: Specifies a comment for each rule.
- source: Optional parameter, used to specify the source address information of the ACL rule. If it is not specified, any source address of the packet matches.
- source-addr: Source address of the data packet, in dotted decimal. Alternatively, "any" may be used to represent source address 0.0.0.0 with wildcard 255.255.255.255.
- source-wildcard: Wildcard of the source address, in dotted decimal.
- time-range: Optional parameter, used to specify the effective time range of the ACL.
- time-name: Name of the ACL effective time range.
- logging: Optional parameter, indicating whether to log qualified data packets. The log content includes the sequence number of the access control rule, whether the data packets were passed or discarded, and the number of data packets.
- fragment: Optional parameter, used to specify whether the rule is valid only for non-first fragments. When this parameter is included, the rule is valid only for non-first fragments.
- vpn-instance: Optional parameter specifying the vpn-instance to which the packets belong. If it is not specified, the ACL rule is valid for the packets in all vpn-instances. If it is specified, the ACL rule is valid only for the specified vpn-instance.

For an existing ACL rule, if it is edited by specifying its ACL rule number, the remaining parts are not affected. For example:

First configure an ACL rule:

rule 1 deny source 1.1.1.1 0
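
The source address and wildcard matching described in the parameter list above, as an added Python example that is not taken from the 3Com guide: it parses a subset of the rule syntax and evaluates a packet's source address against the rules, which helps when auditing which hosts a wildcard actually covers. The names BasicAcl, parse_rule and to_int, the ascending rule-id match order and the auto-numbering scheme are assumptions of this example.

```python
import ipaddress
import re
# Subset of the page's syntax; "source any" is the assumed spelling of "any".
RULE_RE = re.compile(r"^rule(?:\s+(?P<id>\d+))?\s+(?P<action>permit|deny)"
                     r"(?:\s+source\s+(?P<src>any|\S+)(?:\s+(?P<wild>\S+))?)?$")

def to_int(text):
    # A bare "0" is read as 0.0.0.0, as in the page's "source 1.1.1.1 0".
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    rid = int(m["id"]) if m["id"] else None
    if rid is not None and rid > 65534:
        raise ValueError("rule-id must be 0 to 65534")
    if m["src"] in (None, "any"):
        return rid, m["action"], 0, 0xFFFFFFFF  # matches any source address
    if m["wild"] is None:
        raise ValueError("source address needs a wildcard")
    return rid, m["action"], to_int(m["src"]), to_int(m["wild"])

class BasicAcl:
    def __init__(self):
        self.rules = {}  # rule-id -> (action, address, wildcard)

    def add(self, line):
        rid, action, addr, wild = parse_rule(line)
        if rid is None:
            # Assumption: auto-assigned id is highest + 1; the device may differ.
            rid = max(self.rules, default=-1) + 1
        self.rules[rid] = (action, addr, wild)  # an existing id is replaced whole
        return rid

    def evaluate(self, source_ip):
        ip = int(ipaddress.IPv4Address(source_ip))
        # Assumption: rules are tried in ascending rule-id order, first match wins.
        for rid in sorted(self.rules):
            action, addr, wild = self.rules[rid]
            care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are not compared
            if (ip & care) == (addr & care):
                return rid, action
        return None  # no rule matched; the default action is not modelled here

if __name__ == "__main__":
    acl = BasicAcl()
    acl.add("rule 1 deny source 1.1.1.1 0")  # rule text taken from the page
    print(acl.evaluate("1.1.1.1"), acl.evaluate("1.1.1.2"))
```

A wildcard of 0 compares every bit, so the rule from the page matches only the single host 1.1.1.1.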