Configuring a user-defined acl – H3C Technologies H3C S12500 Series Switches User Manual


Configuring a user-defined ACL

User-defined ACLs allow you to customize rules based on information in protocol headers. You can define a user-defined ACL to match packets in which a specific number of bytes after the specified offset (relative to the specified header) matches the specified match pattern after being ANDed with a match pattern mask.
To configure a user-defined ACL:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enable the 80-byte ACL rule match mode.
    Command: acl ipv6 enable
    Remarks: The default setting is 40 bytes on an EC1 or EF card. This command is valid only for an EC1 or EF card. To support user-defined, IPv6 basic, and IPv6 advanced ACLs on an EC1 or EF card, you must configure this command first.

Step 3. Create a user-defined ACL and enter its view.
    Command: acl number acl-number [ name acl-name ]
    Remarks: By default, no ACL exists. The rule order of a user-defined ACL is config. User-defined ACLs are numbered in the range 5000 to 5999. You can use the acl name acl-name command to enter the view of a user-defined ACL.

Step 4. Configure a description for the user-defined ACL.
    Command: description text
    Remarks: Optional. By default, a user-defined ACL has no ACL description.

Step 5. Create or edit a rule.
    Command: rule [ rule-id ] { deny | permit } [ { { ipv4 | ipv6 | l2 | l4 } rule-string rule-mask offset }&<1-8> ] [ time-range time-range-name ] [ counting ]
    Remarks: By default, a user-defined ACL does not contain any rule.

Step 6. Add or edit a rule comment.
    Command: rule rule-id comment text
    Remarks: Optional. By default, a user-defined ACL rule has no rule description.

Step 7. Add or edit a rule range remark.
    Command: rule [ rule-id ] remark text
    Remarks: Optional. By default, no rule range remarks are configured.

Step 8. Enable rule match counting for the user-defined ACL.
    Command: hardware-count enable
    Remarks: Optional. By default, rule match counting is disabled.

Make sure all member switches of an IRF fabric are using the same ACL rule match mode. Therefore, you must configure the acl ipv6 enable command on both switches, or the acl ipv6 disable command on both switches. For information about IRF, see IRF Configuration Guide.
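As an added illustration (not from the H3C manual) of the matching described at the top of this section and of the rule segments in step 5, the following Python model evaluates a user-defined ACL: each segment ANDs the packet bytes at (header base + offset) with rule-mask and compares the result with rule-string, all segments of a rule (up to eight) must match, and rules are tried in config order. The header bases, the constructed sample frame, and the treatment of the 40/80-byte match mode as a window counted from the start of the frame are assumptions for this model, not documented switch behaviour.

```python
import struct
from dataclasses import dataclass

@dataclass
class Segment:
    header: str     # "l2", "ipv4" or "l4": the header the offset is relative to
    pattern: bytes  # rule-string: value to match (a hex string in the CLI, raw bytes here)
    mask: bytes     # rule-mask: which bits of the packet bytes are compared (same length as pattern)
    offset: int     # byte offset from the start of the chosen header

@dataclass
class Rule:
    action: str     # "permit" or "deny"
    segments: list  # up to 8 Segments (the &<1-8> repeat); all must match

def header_bases(frame: bytes) -> dict:
    """Start offsets of the L2, IPv4 and L4 headers (assumes untagged Ethernet + IPv4)."""
    ihl = (frame[14] & 0x0F) * 4
    return {"l2": 0, "ipv4": 14, "l4": 14 + ihl}

def segment_matches(frame: bytes, seg: Segment, window: int) -> bool:
    """(packet bytes AND mask) == pattern; bytes past the match-mode window are unmatchable (assumption)."""
    start = header_bases(frame)[seg.header] + seg.offset
    end = start + len(seg.pattern)
    if end > window or end > len(frame):
        return False
    return all((b & m) == p for b, m, p in zip(frame[start:end], seg.mask, seg.pattern))

def evaluate(acl: list, frame: bytes, window: int = 40):
    """First rule whose segments all match wins (config order); None when nothing matches."""
    for rule in acl:
        if all(segment_matches(frame, s, window) for s in rule.segments):
            return rule.action
    return None

def build_frame(tcp_dst_port: int) -> bytes:
    """Constructed 54-byte Ethernet/IPv4/TCP SYN frame; addresses and ports are made up."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, tcp_dst_port, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

# Constructed ACL: deny TCP to port 23 (protocol byte at IPv4 offset 9, dst port at L4 offset 2), then permit all.
ACL_5000 = [Rule("deny", [Segment("ipv4", b"\x06", b"\xff", 9), Segment("l4", b"\x00\x17", b"\xff\xff", 2)]),
            Rule("permit", [])]   # a rule with no segments matches every packet
# TCP flags byte (L4 offset 13) sits at frame byte 47: reachable only in 80-byte match mode, not the 40-byte default.
SYN_RULE = [Rule("deny", [Segment("l4", b"\x02", b"\x02", 13)])]
```

`evaluate(ACL_5000, build_frame(23))` returns "deny" and `build_frame(80)` returns "permit"; `SYN_RULE` returns None with the default 40-byte window and "deny" with `window=80`.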
