Creating a user-defined acl template – H3C Technologies H3C Intelligent Management Center User Manual


Creating a user-defined ACL template

User-defined ACLs let you define a hexadecimal pattern, a mask, and the offset in the packet header at which pattern matching begins. When a pattern is matched, the conditions of the rule in the ACL template are applied. A valid numeric range for assigning ACL Identifiers to user-defined ACLs is 5000-5999.

To create a user-defined ACL template:

1. Navigate to ACL Template:
   a. Click the Service tab from the tabular navigation system on the top.
   b. Click the ACL Management section of the navigation tree on the left.
   c. Click the ACL Template link located under ACL Management on the navigation tree on the left.
   The Template List displays in the main pane of the page.

2. Click Add.

3. Enter the name for the template in the Template Name field.
   A valid length for a template name is 1 – 32 characters. A template name cannot begin with a number or a space.

4. Select User-Defined from the Type list to define the type of ACL template you want to create.
   A User-Defined template can only have a Match Order of Config.

5. Enter a brief description for this ACL template in the Template Description field.

6. Click Add Rule to add a rule to the ACL template.
   The Add User-Defined Rule page appears.

7. Select the action you want to take by clicking the radio button to the left of the option you want to apply to this rule:
   • Select permit if, upon matching the specified conditions, the packet should be forwarded.
   • Select deny if, upon matching the specified conditions, the packet should be discarded.

8. Enter a named variable for this ACL template in the Time Range field. This lets you create a named variable without requiring you to enter the Time Range in the template.
   The named variable then serves as a placeholder for the Time Range you created using the Assistant combination when you import the template as a rule set into an existing ACL.

9. Enter up to eight hexadecimal patterns, masks, and offsets for matching the contents of a packet and applying the actions specified in the rule when a hexadecimal pattern is matched.
   The following rules and guidelines apply to constructing a valid hexadecimal string, mask, and offset value:
   • A rule string must be expressed in hexadecimal only
   • A mask must be expressed in hexadecimal only
   • A rule string length must be equal to its mask length
   • Rule string and mask length must be in multiples of 2
   • The minimum length of a rule string and mask is 2
   • The maximum length of a rule string and mask is 160
   • Offsets must be expressed as a decimal integer
   • Offset range varies by the mask length
   • The minimum value for an offset is 0
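
The guidelines in step 9 can be checked before a rule is typed into the form. The Python code below is an added example, not part of the H3C manual or of IMC: it validates pattern, mask, and offset entries against the rules listed above and shows masked matching on a constructed frame. It assumes that lengths are counted in hexadecimal characters, that offsets are byte offsets from the start of the supplied packet, and that only the bits set in the mask are compared; all function names are hypothetical.

```python
import string

MAX_PATTERNS = 8           # page: up to eight patterns per rule
MIN_LEN, MAX_LEN = 2, 160  # page: rule string and mask length limits


def validate_entry(rule: str, mask: str, offset: str) -> list[str]:
    """Return the guideline violations for one pattern/mask/offset entry."""
    errors = []
    for name, value in (("rule string", rule), ("mask", mask)):
        if not value or any(c not in string.hexdigits for c in value):
            errors.append(f"{name} must be expressed in hexadecimal only")
        if len(value) % 2:
            errors.append(f"{name} length must be a multiple of 2")
        if not MIN_LEN <= len(value) <= MAX_LEN:
            errors.append(f"{name} length must be {MIN_LEN}-{MAX_LEN}")
    if len(rule) != len(mask):
        errors.append("rule string length must equal mask length")
    # str.isdigit() alone accepts some non-ASCII digits, so require ASCII too.
    if not (offset.isascii() and offset.isdigit()):
        errors.append("offset must be a decimal integer, minimum 0")
    return errors


def validate_rule(entries: list[tuple[str, str, str]]) -> dict[int, list[str]]:
    """Validate every entry of a rule; key 0 holds rule-level errors."""
    report = {}
    if len(entries) > MAX_PATTERNS:
        report[0] = [f"a rule takes at most {MAX_PATTERNS} patterns"]
    for i, entry in enumerate(entries, start=1):
        if errs := validate_entry(*entry):
            report[i] = errs
    return report


def entry_matches(packet: bytes, rule: str, mask: str, offset: int) -> bool:
    """Assumed semantics: compare only the bits set in the mask."""
    want, care = bytes.fromhex(rule), bytes.fromhex(mask)
    window = packet[offset:offset + len(want)]
    if len(window) < len(want):
        return False  # pattern would run past the end of the packet
    return all((p & m) == (w & m) for p, w, m in zip(window, want, care))


# Constructed sample: Ethernet header (EtherType 0x0800 at byte 12) + 2 bytes.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800" "4500")
```

A mask of ff00 with rule string 08ff still matches SAMPLE at offset 12, because the second byte is excluded from the comparison; a wide deny rule with a short mask covers more traffic than the rule string alone suggests.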
