Simplifying acl rule creation using the assistant – H3C Technologies H3C Intelligent Management Center User Manual
Page 793
779
From the ACL Resource list, you can drill down into the Rule Set List to view every rule set for a given ACL.
From the Rule Set List page, you can view information for every rule in a set. From this list, you can also
take action all of the rules in the list, including adding, modifying, copying, deploying, or deleting
existing rule sets. From the Rule Set List, you can also import the contents of a template into a new rule set
of an existing ACL.
ACL Management also provides features for rule management. You can redefine the order of
appearance of rules in a rule set, which can be crucial to its effectiveness when the match order is based
on the order of rule appearance. In addition, ACL Management can optimize rules in a rule set by
making and implementing recommendations for reducing the effect of ACLs on network performance.
ACL Management also simplifies and streamlines the process of managing ACLs on devices. With ACL
Management, you have a single portal for viewing and managing the ACL configurations for all devices
that support ACLs. From the ACL Device List, you can view all devices that support ACLs as well as view
detailed information the ACL configuration for a single device.
The ACL Device configuration page provides you with features for managing ACL configurations for the
selected device. From this page, you can synchronize and refresh the ACL configuration data for the
device as well as modify the ACL configuration polling interval. From the configuration page you can
access the ACL Definitions tab to add or delete ACL definitions, export an ACL to a text file, and apply
an ACL as a packet filter or VLAN packet filter to one or more interfaces on the device.
ACL Management's ACL Deployment wizard provides you with a step-by-step process for successfully
deploying ACLs, ACL uses for packet and VLAN filtering as well as removing ACLs and ACL uses. During
the deployment task configuration process for each of these deployment types, IMC evaluates the
selected devices and ACLs to determine whether or not the task can be executed successfully. IMC
identifies when devices do not match the configuration selections and display warning messages and
evaluation results to guide the successful deployment of ACL resources. In addition, ACL Management
removes from the deployment configuration devices for which the selected action cannot be successfully
executed. Lastly, the ACL Deployment wizard provides you with a facility for viewing and managing all
deployment tasks through the ACL Deployment Task List.
The subnet mask inversion function simplifies the task of configuring IP subnets in ACL rules. You can enter
an IP address and a subnet mask to identify an IP subnet. ACL Management automatically inverts the
subnet mask into a wildcard mask when applying the configuration to devices. This section supposes that
the subnet mask inversion function is enabled.
Simplifying ACL rule creation using the assistant
The ACL Assistant facilitates ACL template rule creation by modularizing various aspects of an ACL rule.
With the ACL Assistant, you can create services, network address groups, and time ranges consisting of
one or more entries. Once created, you can then apply the services, network address groups, and time
ranges to one or more rules of any ACL template in ACL Management.
With Services, you define one or more ports that constitute a service and assign a name to the list of ports.
Then, when creating a rule in a template, you assign the service to one or more rules, which defines the
ports that are permitted or denied based on the parameters configured in the rule(s).
With Net Address Groups, you define a list of one or more IP address and subnet mask combinations.
Then, the address group is assigned to one or more template rules in a template that are imported into
ACL rule sets. The addresses specified in the net address groups become the source or destination
addresses specified in the rules of an ACL.