Creating an advanced acl template – H3C Technologies H3C Intelligent Management Center User Manual


Once you have created an ACL template, you can import the template into one or more ACLs. For more information about importing into ACLs, see "Importing rule sets."

Creating an advanced ACL template

Advanced ACLs enable you to define rules based on Layer three and Layer four information, including IP source and destination addresses, protocol, and TCP and UDP port information, as well as protocol-specific features. A valid numeric range for assigning ACL Identifiers to Advanced ACLs is 100-199, 2000-2699, or 3000-3999.

To create an advanced ACL template:

1. Navigate to ACL Template:
   a. Click the Service tab from the tabular navigation system on the top.
   b. Click the ACL Management section of the navigation tree on the left.
   c. Click the ACL Template link located under ACL Management on the navigation tree on the left.
   The Template List displays in the main pane of the page.

2. Click Add.

3. Enter the name for the template in the Template Name field.
   A valid length for a template name is 1 – 32 characters. A template name cannot begin with a number or a space.

4. Select the Type field to define the type of ACL template you want to create.
   Options include Basic, Advanced, Link, and User-Defined. Select Advanced from the Type list.
   If you change the type, the added rules are deleted.

5. Select the match order you want to apply to this ACL template by clicking the radio button to the left of the Match Order option you want to use. Options include Config and Auto.
   If you select Config, IMC matches rules in the order in which they were configured.
   If you select Auto, IMC matches rules based on the principle of depth priority.
   This feature works only for devices that support it.

6. Enter a brief description for this ACL template in the Template Description field.

7. Click Add Rule to add a rule to the ACL template.
   The Add Advanced Rule page appears.

8. Select the protocol for which you want to permit or deny traffic from the Protocol list.

9. Select the action you want to take by clicking the radio button to the left of the option you want to apply to this rule.
   Select permit if, upon matching the specified conditions, the packet should be forwarded, or select deny if, upon matching the specified conditions, the packet should be discarded.

10. Enter a named variable for this ACL template in the Time Range field. This lets you create a named variable without requiring you to enter the time range in the template.
    The named variable then serves as a placeholder for the Time Range you created using the Assistant combination when you import the template as a rule set into an existing ACL.
    The string entered in the Time Range field must start with a letter and have a length of 1-32 characters. Blank spaces [ ] and question marks [?] are not permitted.

11. Select the source IP address option you want to use by clicking the radio button to the left of the desired option in the Source Address field in Basic Info section.
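
The Match Order choice in step 5 can change which rule a packet hits first. The following Python sketch is an added example, not taken from the manual or from IMC: it evaluates one constructed rule set under both orders. The depth-priority model used for Auto (specific protocol first, then narrower source, then narrower destination, then configuration order) is a simplified assumption, and the names Rule, depth_key, ordered and evaluate are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    protocol: str  # "ip" matches any protocol, otherwise e.g. "tcp" or "udp"
    src: str       # source network in CIDR form
    dst: str       # destination network in CIDR form

def depth_key(indexed_rule):
    """Sort key for the assumed, simplified depth-priority model."""
    position, rule = indexed_rule
    return (
        rule.protocol == "ip",                      # specific protocol first
        -ipaddress.ip_network(rule.src).prefixlen,  # narrower source first
        -ipaddress.ip_network(rule.dst).prefixlen,  # narrower destination first
        position,                                   # then configuration order
    )

def ordered(rules, match_order):
    """Return the rules in the order in which they would be tried."""
    if match_order == "config":
        return list(rules)
    if match_order == "auto":
        return [rule for _, rule in sorted(enumerate(rules), key=depth_key)]
    raise ValueError(f"unknown match order: {match_order!r}")

def evaluate(rules, match_order, protocol, src_ip, dst_ip):
    """Return the action of the first matching rule, or None if none match."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in ordered(rules, match_order):
        if rule.protocol not in ("ip", protocol):
            continue
        if src in ipaddress.ip_network(rule.src) and dst in ipaddress.ip_network(rule.dst):
            return rule.action
    return None

# Constructed sample template: a broad permit configured before a narrow deny.
RULES = [
    Rule("permit", "ip", "10.0.0.0/8", "0.0.0.0/0"),
    Rule("deny", "tcp", "10.1.1.0/24", "192.0.2.10/32"),
]

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, evaluate(RULES, order, "tcp", "10.1.1.7", "192.0.2.10"))
```

Under Config the broad permit shadows the narrow deny, so a template built this way should list its most specific rules first; under Auto the deny is tried first in this model.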
