H3C Technologies H3C Intelligent Management Center User Manual
Page 853
839
13.
" to configure fixed time ranges and "
" to configure cyclic time ranges.
14.
Select the protocol for which you want to permit or deny traffic from the Protocol list.
15.
Select the action you want to take by clicking the radio button to the left of the option you want
to apply to this rule:
{
Select permit if, upon matching the specified conditions, the packet should be forwarded.
{
Select deny if, upon matching the specified conditions, the packet should be discarded.
16.
Select the time range you want to apply to this rule from the Time Range list you created in the Step
10.
17.
Select the source IP address option you want to use by clicking the radio button to the left of the
desired option in the Source Address section of the Configure Rule - Add Rule page.
This option specifies where the pattern matching occurs in this rule. In this case, the pattern
matching is applied to the source IP address.
•
All: Allows you to permit or deny traffic for all IP addresses.
•
IP Address/Mask: Allows you to enter a specific IP address and its subnet mask for which you want
to either permit or deny traffic for.
Enter an IP address/subnet mask combination in the IP Address/Mask field. The subnet mask must
be entered in dotted decimal notation. A valid IP address/subnet mask using dotted decimal
notation would be
192.168.1.0/255.255.255.0
A forward slash "/" must be used to separate the IP address from the subnet mask.
18.
Select the destination IP address option you want to use by clicking the radio button to the left
of the desired option in the Destination Address portion of the Configure Rule - Add Rule page.
This option specifies where the patter matching occurs in this rule. In this case, the pattern
matching is applied to the destination IP address.
•
All: Allows you to permit or deny traffic for all IP addresses.
•
IP Address/Mask: Allows you to enter a specific IP address and its subnet mask for which you want
to either permit or deny traffic.
Enter an IP address/subnet mask combination in the IP Address/Mask field. The subnet mask must
be entered in dotted decimal notation. A valid IP address/subnet mask using dotted decimal
notation would be:
192.168.1.0/255.255.255.0
A forward slash "/" must be used to separate the IP address from the subnet mask.
19.
If you selected TCP or UDP as the protocol you want to apply this ACL rule to in Step 12, you must
also specify the source TCP or UDP port numbers:
a.
Select the source TCP or UDP port by clicking the radio button to the left of the port option
you want to apply in the Source Port portion of the Configure Rule - Add Rule page:
{
Undefined: Allows you to permit or deny traffic for all TCP or UDP port numbers.
{
Specified Port: Allows you to identify a specific TCP or UDP port number or range of numbers.
b.
Click the radio button to the left of Specified Port and select the operator you want to use
from the list located to the right of the Specified Port option.
c.
Enter the TCP or UDP port number in the Port field.
20.
If you selected TCP or UDP as the protocol you want to apply this ACL rule to, you must also specify
the destination TCP or UDP port numbers: