Configuring a basic acl, Configuring an ipv4 basic acl – H3C Technologies H3C S12500 Series Switches User Manual
Page 14
5
After configuring the ACL operating mode, you must restart the switch to make the configuration take
effect.
To configure the ACL operating mode:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure the ACL operating
mode on the EB or EC2
cards.
acl mode { standard | advanced }
By default, EB or EC2 cards
operate in advanced ACL mode.
Configuring a basic ACL
Configuring an IPv4 basic ACL
IPv4 basic ACLs match packets based only on source IP addresses.
To configure an IPv4 basic ACL:
Step
Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create an IPv4 basic ACL and
enter its view.
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
By default, no ACL exists.
IPv4 basic ACLs are numbered in
the range 2000 to 2999.
You can use the acl name acl-name
command to enter the view of a
named IPv4 ACL.
3.
Configure a description for
the IPv4 basic ACL.
description text
Optional.
By default, an IPv4 basic ACL has
no ACL description.
4.
Set the rule numbering step.
step step-value
Optional.
The default setting is 5.
5.
Create or edit a rule.
rule [ rule-id ] { deny | permit }
[ counting | fragment | logging |
source { sour-addr sour-wildcard |
any } | time-range
time-range-name | vpn-instance
vpn-instance-name ] *
By default, an IPv4 basic ACL does
not contain any rule.
The logging keyword supports only
the packet filter function.
When the device is a PE device,
the packets at the private network
side of a VPN cannot match the
vpn-instance vpn-instance-name
option. When the device is a MCE
device, packets of a VPN cannot
match the vpn-instance
vpn-instance-name option. For
more information about PE devices
and MCE devices, see MPLS
Configuration Guide.