Configuring an advanced acl, Configuring an ipv4 advanced acl – H3C Technologies H3C SecPath F1000-E User Manual
Page 27
17
Step
Command
Remarks
4.
Set the rule numbering step.
step step-value
Optional.
5 by default.
5.
Create or edit a rule.
rule [ rule-id ] { deny | permit }
[ counting | fragment | logging |
source { ipv6-address prefix-length
| ipv6-address/prefix-length |
any } | time-range
time-range-name | vpn-instance
vpn-instance-name ] *
By default, an IPv6 basic ACL does
not contain any rule.
To create or edit multiple rules,
repeat this step.
The logging keyword takes effect
only when the module using the
ACL supports logging.
6.
Configure or edit a rule
description.
rule rule-id comment text
Optional.
By default, an IPv6 basic ACL rule
has no rule description.
Configuring an advanced ACL
Configuring an IPv4 advanced ACL
IPv4 advanced ACLs match packets based on source IP addresses, destination IP addresses, packet
priorities, protocols over IP, and other protocol header information, such as TCP/UDP source and
destination port numbers, TCP flags, ICMP message types, and ICMP message codes.
Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv4 advanced ACL:
Step
Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create an IPv4 advanced
ACL and enter its view.
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
By default, no ACL exists.
IPv4 advanced ACLs are
numbered in the range 3000 to
3999.
You can use the acl name acl-name
command to enter the view of a
named IPv4 ACL.
3.
Configure a description for
the IPv4 advanced ACL.
description text
Optional.
By default, an IPv4 advanced ACL
has no ACL description.
4.
Set the rule numbering step.
step step-value
Optional.
5 by default.