Creating a basic ACL template – H3C Technologies H3C Intelligent Management Center User Manual


Creating a basic ACL template

Basic ACLs enable you to create one or more rules based on source IP addresses and subnet masks. A valid numeric range for assigning ACL Identifiers to basic ACLs is 1-99, 1300-1999, or 2000-2999.

To create a basic ACL template:

1. Navigate to ACL Template:
   a. Click the Service tab from the tabular navigation system on the top.
   b. Click the ACL Management section of the navigation tree on the left.
   c. Click the ACL Template link located under ACL Management on the navigation tree on the left.
   The Template List displays in the main pane of the page.

2. Click Add.

3. Enter the name for the template in the Template Name field.
   A valid length for a template name is 1-32 characters. A template name cannot begin with a number or a space.

4. Use the Type field to define the type of ACL template to create.
   Options include Basic, Advanced, Link, and User-Defined. Select Basic from the Type list.

5. Select the match order you want to apply to this ACL template by clicking the radio button to the left of the Match Order option you want to use. Options include Config and Auto.
   If you select Config, IMC matches rules in the order in which they were configured. This feature works only for the devices that support it. If you select Auto, IMC matches rules based on the principle of depth priority.

6. Enter a brief description for this ACL template in the Template Description field.

7. Click Add Rule to add a rule to the ACL template.
   The Add Basic Rule page appears.

8. Select the action you want to take by clicking the radio button to the left of the option you want to apply to this rule:
   - Select permit if, upon matching the specified conditions, the packet should be forwarded.
   - Select deny if, upon matching the specified conditions, the packet should be discarded.

9. Enter a named variable for this ACL template in the Time Range field. This lets you create a named variable without requiring you to enter the time range in the template.
   The named variable then serves as a placeholder for the Time Range you created using the Assistant combination when you import the template as a rule set into an existing ACL.

10. Select the source IP address option you want to use by clicking the radio button to the left of the desired option in the Source Address field of the Basic Info section.
    This option specifies where the pattern matching occurs in this template rule. In this case, pattern matching is applied to the source IP address.
    Options include:
    - All: Allows you to permit or deny traffic from all IP addresses.
    - IP Address/Mask: Allows you to enter a specific IP address and its subnet mask from which you want to permit or deny traffic.
    a. Enter an IP address/subnet mask combination in the IP Address/Mask field.
       The subnet must be entered using either CIDR or dotted decimal notation. A valid IP address/subnet mask using dotted decimal notation would be
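
The Match Order choice in step 5 can change the verdict for the same set of basic rules. The following sketch is an added example, not part of the H3C manual or IMC. It assumes depth priority means that the rule with the narrowest source range is evaluated first, with ties kept in configured order. The rule set and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rules in configured order: (action, source address).
RULES = [
    ("permit", "10.1.0.0/16"),             # CIDR notation
    ("deny", "10.1.5.0/255.255.255.0"),    # dotted decimal mask
    ("deny", "All"),                       # the "All" source option
]

def parse_source(src):
    """Turn 'All', CIDR or dotted decimal address/mask into a network."""
    if src == "All":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(src, strict=False)

def ordered(rules, match_order):
    """Return (action, network) pairs in the order they are evaluated."""
    parsed = [(action, parse_source(src)) for action, src in rules]
    if match_order == "config":
        return parsed
    if match_order == "auto":
        # Assumed model of depth priority: longest prefix first.
        # sorted() is stable, so equal prefixes keep configured order.
        return sorted(parsed, key=lambda rule: -rule[1].prefixlen)
    raise ValueError("match_order must be 'config' or 'auto'")

def decide(rules, match_order, packet_src):
    """First matching rule wins; returns (action, matched network)."""
    addr = ipaddress.ip_address(packet_src)
    for action, net in ordered(rules, match_order):
        if addr in net:
            return action, str(net)
    return "no-match", None

def shadowed(rules, match_order):
    """Rules that never match because an earlier rule covers their range."""
    seq = ordered(rules, match_order)
    return [(action, str(net)) for i, (action, net) in enumerate(seq)
            if any(net.subnet_of(prev) for _, prev in seq[:i])]

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, decide(RULES, order, "10.1.5.20"), shadowed(RULES, order))
```

Running a check like `shadowed()` over a template before deploying it with Config order shows which deny rules need to be moved above a broader permit.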
