H3C Technologies H3C S12500 Series Switches User Manual

Page 35

Advertising
background image

22

Step Command

Remarks

10.

Create an IPv4 ACL rule
to match a specific IP

subnet.

Create an IPv4 basic ACL rule:

rule [ rule-id ] { deny | permit } [ fragment |

logging | counting | source { sour-addr
sour-wildcard | any } | time-range

time-range-name | vpn-instance

vpn-instance-name ]

Create an IPv4 advanced ACL rule:

rule [ rule-id ] { deny | permit } protocol

[ { { ack ack-value | fin fin-value | psh
psh-value | rst rst-value | syn syn-value | urg

urg-value } * | established } | destination

{ dest-addr dest-wildcard | any } |

destination-port operator port1 [ port2 ] |
dscp dscp | fragment | icmp-type

{ icmp-type icmp-code | icmp-message } |

logging | counting | precedence precedence
| source { sour-addr sour-wildcard | any } |

source-port operator port1 [ port2 ] |

time-range time-range-name | tos tos |
vpn-instance vpn-instance-name ] *

Use either command.
You must configure at

least the source IPv4
address and subnet mask.
For more information
about the rule command,

see ACL and QoS
Command Reference.

11.

Return to system view.

quit

N/A

12.

Create a class.

traffic classifier tcl-name [ operator { and | or } ]

By default, the operator of
a class is AND.

13.

Use the IPv4 basic or
advanced ACL as the

match criteria of the
class.

if-match acl { acl-number | name acl-name }

N/A

14.

Configure the class to
match ARP packets.

if-match protocol arp

For more information
about the if-match

command, see ACL and

QoS Command
Reference.

15.

Return to system view.

quit

N/A

16.

Create a class.

traffic classifier tcl-name [ operator { and | or } ] N/A

17.

Use the IPv4 basic or
advanced ACL as the

match criteria of the

class.

if-match acl {acl-number | name acl-name }

N/A

18.

Return to system view.

quit

N/A

19.

Create a traffic behavior. traffic behavior behavior-name

N/A

20.

Configure the traffic
behavior to mark

matching packets with a
specific VLAN.

remark service-vlan-id vlan-id-value

N/A

21.

Return to system view.

quit

N/A

22.

Create a policy and
enter policy view.

qos policy policy-name

N/A

Advertising
This manual is related to the following products:

H3C S9500E Series Switches, H3C SecPath F5020, H3C SecPath F5040, H3C VMSG VFW1000

Popular Brands
Popular manuals