Configuring an ethernet frame header acl rule – H3C Technologies H3C SecPath F1000-E User Manual
Page 19
9
Item Description
Source IP Address
Select the Source IP Address box and enter a source IP address and source
wildcard, in dotted decimal notation.
Source Wildcard
Destination IP Address
Select the Destination IP Address box and enter a destination IP address and
destination wildcard, in dotted decimal notation.
Destination Wildcard
VPN Instance
Specify the VPN.
If you select None, the rule applies to only non-VPN packets.
Protocol
Select the protocol to be carried over by IP.
If you select 1 ICMP, you can configure the ICMP message type and code. If you
select 6 TCP or 17 UDP, you can configure the TCP or UDP specific items.
ICMP Message
Specify the ICMP message type and code.
These items are available only when you select 1 ICMP from the Protocol list.
If you select Others from the ICMP Message list, you need to enter values in the
ICMP Type and ICMP Code fields. Otherwise, the two fields will take the default
values, which cannot be changed.
ICMP Type
ICMP Code
TCP Connection Established
If you select this box, the rule matches packets used for establishing and
maintaining TCP connections.
This item is available only when you select 6 TCP from the Protocol list.
On a firewall, a rule with this item configured matches TCP connection packets
with the ACK or RST flag.
Source
Operator
Select the operators and enter the source port numbers and destination port
numbers as required.
These items are available only when you select 6 TCP or 17 UDP from the
Protocol list.
Different operators have different configuration requirements for the port
number fields:
•
None—The following port number fields cannot be configured.
•
inclusive range—The following port number fields must be configured to
define a port range.
•
Other values—The first port number field must be configured and the second
must not.
Port
Destination
Operator
Port
ToS
Specify the ToS preference.
IMPORTANT:
If you configure the IP precedence or
ToS precedence in addition to the DSCP
priority, the DSCP priority takes effect.
Precedence
Specify the IP precedence.
DSCP
Specify the DSCP priority.
Configuring an Ethernet frame header ACL rule
Select Firewall > ACL from the navigation tree. Then, select the Ethernet frame header ACL for which you
want to configure ACL rules from the ACL list in the right pane and click the corresponding
icon in the
Operation column to list all existing rules of the ACL, as shown in
. Click Add to enter the
configuration page for Ethernet frame header ACL rules, as shown in
.