Copying an acl, Copying an ipv4 acl – H3C Technologies H3C SR8800 User Manual
NOTE:
This feature is available only on SPC cards.
User-defined ACLs allow you to customize rules based on information in protocol headers such as the IP
header. You can define a user-defined ACL to deny or permit packets in which a specific number of bytes
after the specified offset (relative to the specified header) match the specified match pattern after
being ANDed with a match pattern mask.
To configure a user-defined ACL:
1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Set the ACL rule length limit mode.
   Command: acl mode { 3 | 4 }
   Remarks: The default setting is 2.

3. Create a user-defined ACL and enter its view.
   Command: acl number acl-number [ name acl-name ]
   Remarks: By default, no ACL exists, and the match order of a user-defined ACL is config.
   User-defined ACLs are numbered in the range 5000 to 5999.
   You can use the acl name acl-name command to enter the view of a user-defined ACL.

4. Configure a description for the user-defined ACL.
   Command: description text
   Remarks: Optional. By default, a user-defined ACL has no ACL description.

5. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } [ { { ipv4 | ipv6 | l2 | l4 } rule-string rule-mask offset }&<1-8> ] [ counting | time-range time-range-name ] *
   Remarks: By default, a user-defined ACL does not contain any rule.
   To create or edit multiple rules, repeat this step.

6. Configure or edit a rule description.
   Command: rule rule-id comment text
   Remarks: Optional. By default, a user-defined ACL rule has no rule description.

7. Enable rule match counting for the user-defined ACL.
   Command: hardware-count enable
   Remarks: Optional. By default, rule match counting is disabled.
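The following Python model is an added example, not code from the manual or from the device. It shows how a rule's rule-string, rule-mask and offset decide whether a packet matches, which is useful for checking a pattern and mask before entering them. It assumes an untagged Ethernet II frame with a 20-byte IPv4 header, rules tried in ascending rule ID, and all tuples of a rule having to match. All names in it are hypothetical.

```python
from dataclasses import dataclass, field

# Assumed layout: untagged Ethernet II frame, 20-byte IPv4 header (no options).
HEADER_BASE = {"l2": 0, "ipv4": 14, "l4": 34}

@dataclass
class Match:
    header: str     # l2 | ipv4 | l4 (ipv6 is left out of this model)
    pattern: bytes  # rule-string
    mask: bytes     # rule-mask, same length as the pattern
    offset: int     # bytes from the start of the chosen header

@dataclass
class Rule:
    rule_id: int
    action: str                                  # "permit" or "deny"
    matches: list = field(default_factory=list)  # 0 to 8 Match tuples

def field_matches(frame: bytes, m: Match) -> bool:
    if len(m.pattern) != len(m.mask):
        raise ValueError("rule-string and rule-mask must be the same length")
    start = HEADER_BASE[m.header] + m.offset
    window = frame[start:start + len(m.pattern)]
    if len(window) < len(m.pattern):
        return False  # frame too short to contain the field
    # Packet bytes are ANDed with the mask, then compared with the pattern.
    # A pattern bit set where the mask bit is 0 can therefore never match.
    return all((b & k) == p for b, k, p in zip(window, m.mask, m.pattern))

def evaluate(frame: bytes, rules: list):
    for rule in sorted(rules, key=lambda r: r.rule_id):  # assumed: ascending rule ID
        if len(rule.matches) > 8:
            raise ValueError("at most 8 match tuples per rule")
        if all(field_matches(frame, m) for m in rule.matches):  # assumed: tuples ANDed
            return rule.action
    return None  # no rule matched

def build_frame(src_ip: bytes, proto: int, dst_port: int) -> bytes:
    """Constructed sample frame; only the fields the rules inspect are filled in."""
    eth = bytes(12) + b"\x08\x00"
    ip = b"\x45\x00" + bytes(7) + bytes([proto]) + bytes(2) + src_ip + bytes(4)
    l4 = bytes(2) + dst_port.to_bytes(2, "big") + bytes(16)
    return eth + ip + l4

RULES = [  # constructed rules: deny TCP port 23, then permit sources in 10.1.0.0/16
    Rule(0, "deny", [Match("ipv4", b"\x06", b"\xff", 9),
                     Match("l4", b"\x00\x17", b"\xff\xff", 2)]),
    Rule(5, "permit", [Match("ipv4", b"\x0a\x01\x00\x00", b"\xff\xff\x00\x00", 12)]),
]
```

In this model a rule with no tuples matches every frame, and a pattern such as 0a010203 paired with mask ffff0000 matches nothing because the masked packet bytes can never equal it.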
Copying an ACL
You can create an ACL by copying an existing ACL. The new ACL has the same properties and content
as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure that:
• The destination ACL number is from the same category as the source ACL number.
• The source ACL already exists but the destination ACL does not.
Copying an IPv4 ACL
To copy an IPv4 ACL: