Configuring an advanced acl, Configuring an ipv4 advanced acl – H3C Technologies H3C S7500E Series Switches User Manual


| To do… | Use the command… | Remarks |
|---|---|---|
| Configure or edit a rule description | rule rule-id comment text | Optional. By default, an IPv6 basic ACL rule has no rule description. |

Note that:

- You can only modify the existing rules of an ACL that uses the match order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.
- You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.
- When the ACL match order is auto, a newly created rule will be inserted among the existing rules in the depth-first match order. Note that the IDs of the rules still remain the same.

You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ name acl6-name ] match-order { auto | config } command but only when it does not contain any rules.

Configuring an Advanced ACL

Configuring an IPv4 advanced ACL

IPv4 advanced ACLs match packets based on source and destination IP addresses, protocols over IP, and other protocol header information, such as TCP/UDP source and destination port numbers, TCP flags, ICMP message types, and ICMP message codes.

IPv4 advanced ACLs also allow you to filter packets based on three priority criteria: type of service (ToS), IP precedence, and differentiated services codepoint (DSCP) priority.

Compared with IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.
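
The following added example (not from the H3C manual and not device syntax) models in Python how the match fields of an advanced ACL rule combine and how rule order decides the result. The `Rule` and `Packet` classes, the CIDR notation and the sample addresses are hypothetical; the model assumes the config match order evaluates rules in ascending rule-ID order and returns `None` for packets that no rule matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None   # TCP/UDP destination port, if any
    dscp: Optional[int] = None    # DSCP value, if known

@dataclass(frozen=True)
class Rule:                       # hypothetical model of one ACL rule
    rule_id: int
    action: str                   # "permit" or "deny"
    proto: str = "ip"             # "ip" matches any protocol over IP
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None means any port
    dscp: Optional[int] = None    # None means any DSCP

    def matches(self, p: Packet) -> bool:
        # Every criterion the rule specifies must hold for the packet.
        return (self.proto in ("ip", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.dscp is None or self.dscp == p.dscp))

def evaluate(rules, packet):
    """Return (rule_id, action) of the first matching rule, taking rules
    in ascending rule-ID order (assumed config order), else None."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.matches(packet):
            return rule.rule_id, rule.action
    return None

# Constructed sample ACL: permit HTTPS from one subnet to one server,
# deny all other IP traffic addressed to that server.
ACL = [
    Rule(5, "deny", dst="10.1.1.10/32"),
    Rule(0, "permit", proto="tcp", src="192.168.10.0/24",
         dst="10.1.1.10/32", dport=443),
]
```

Swapping the two rule IDs makes the broad deny match first, so the HTTPS permit never takes effect; this is the ordering mistake to check for when reviewing an ACL that uses the config match order.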

Follow these steps to configure an IPv4 advanced ACL:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
