Modifying the rules in an acl template, Modifying, The rules in an acl template – H3C Technologies H3C Intelligent Management Center User Manual

819

The following rules and guidelines apply to constructing a valid hexadecimal string, mask, and

offset value:

{

A rule string must be expressed in hexadecimal only

{

A mask must be expressed in hexadecimal only

{

A rule string length must be equal to its mask length

{

Rule string and mask length must be in multiples of 2

{

The minimum length of a rule string and mask is 2

{

The maximum length of a rule string and mask is 160

{

Offsets must be expressed as a decimal integer

{

Offset range varies by the mask length

{

The minimum value for an offset is 0

{

The maximum value for an offset is 79

{

The offset must increase progressively

a.

Enter a hexadecimal pattern to be matched in the Rule String field.

b.

Enter a mask in the Mask field.

c.

Enter the offset in the Excursion field.

d.

Enter up to eight Rule String/Mask/Excursion combinations.

7.

Click OK to create the rule you have just configured.

8.

Click OK to add the rule to the ACL template.

Modifying the rules in an ACL template

You can also modify the individual rules of a template.
To modify the basic rule of a basic ACL template:

1.

Navigate to ACL Template.

a.

Click the Service tab from the tabular navigation system on the top.

b.

Click ACL Management section of the navigation tree on the left.

c.

Click the ACL Template link located under ACL Management on the navigation tree on the left.
The Template List displays in the main pane of the page.

2.

Click the icon in the Modify field associated with the basic template you want to modify.
The Modify Template page displays, with the Modify Template page in the main pane.

3.

Click the icon in the Modify field associated with the basic rule you want to modify.

4.

Select the action you want to take by clicking the radio button to the left of the option you want

to apply to this rule:

{

Select permit if, upon matching the specified conditions, the packet should be forwarded.

{

Select deny if, upon matching the specified conditions, the packet should be discarded.

5.

Enter a named variable for this ACL template in the Time Range field allowing you to create a

named variable without requiring you enter the time range in the template.
The named variable then serves as a placeholder for Time Range you created using the Assistant
combination when you import the template as a rule set into an existing ACL.

6.

Select the source IP address option you want to use by clicking the radio button to the left of the

desired option in the Source Address field in Basic Info section.