Configuring an advanced acl, Configuring an ipv4 advanced acl – H3C Technologies H3C S12500 Series Switches User Manual

7

Step

Command

Remarks

8.

Add or edit a rule range
remark.

rule [ rule-id ] remark text

Optional.
By default, no rule range remarks

are configured.

9.

Enable rule match counting
for the IPv6 basic ACL.

hardware-count enable

Optional.
By default, rule matching counting

is disabled.

Configuring an advanced ACL

Configuring an IPv4 advanced ACL

IPv4 advanced ACLs match packets based on source IP addresses, destination IP addresses, packet
priorities, protocols over IP, and other protocol header information, such as TCP/UDP source and

destination port numbers, TCP flags, ICMP message types, and ICMP message codes.
Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv4 advanced ACL:

Step

Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an IPv4 advanced
ACL and enter its view.

acl number acl-number [ name
acl-name ] [ match-order { auto |

config } ]

By default, no ACL exists.
IPv4 advanced ACLs are

numbered in the range 3000 to
3999.
You can use the acl name acl-name
command to enter the view of a

named IPv4 ACL.

3.

Configure a description for
the IPv4 advanced ACL.

description text

Optional.
By default, an IPv4 advanced ACL

has no ACL description.

4.

Set the rule numbering step.

step step-value

Optional.
The default setting is 5.