Copying an acl, Copying an ipv4 acl, Copying an ipv6 acl – H3C Technologies H3C S12500 Series Switches User Manual

12

Copying an ACL

You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure:

•

The destination ACL number is from the same category as the source ACL number.

•

The source ACL already exists but the destination ACL does not.

Copying an IPv4 ACL

Step Command

1.

Enter system view.

system-view

2.

Copy an existing IPv4 ACL to create a new IPv4
ACL.

acl copy { source-acl-number | name source-acl-name }
to { dest-acl-number | name dest-acl-name }

Copying an IPv6 ACL

Step Command

1.

Enter system view.

system-view

2.

Copy an existing IPv6 ACL to generate a new
one of the same category.

acl ipv6 copy { source-acl6-number | name
source-acl6-name } to { dest-acl6-number | name

dest-acl6-name }

Configuring packet filtering with ACLs

You can use an ACL to filter incoming or outgoing IPv4 or IPv6 packets.
With a basic or advanced ACL, you can log filtering events by specifying the logging keyword in the ACL

rules and enabling the counting function. To enable counting for rule matches performed in hardware,

configure the hardware-count enable command for the ACL or specify the counting keyword in the ACL
rules.
You can set the packet filter to periodically send packet filtering logs to the information center as

informational messages. The interval for generating and outputting packet filtering logs is configurable.

The log information includes the number of matching packets and the ACL rules used in an interval. For
more information about the information center, see Network Management and Monitoring

Configuration Guide.

NOTE:

ACLs on VLAN interfaces filter only packets forwarded at Layer 3.