Configuring a basic acl, Configuring an ipv4 basic acl – H3C Technologies H3C S12500 Series Switches User Manual

5

After configuring the ACL operating mode, you must restart the switch to make the configuration take

effect.
To configure the ACL operating mode:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure the ACL operating

mode on the EB or EC2
cards.

acl mode { standard | advanced }

By default, EB or EC2 cards
operate in advanced ACL mode.

Configuring a basic ACL

Configuring an IPv4 basic ACL

IPv4 basic ACLs match packets based only on source IP addresses.
To configure an IPv4 basic ACL:

Step

Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an IPv4 basic ACL and
enter its view.

acl number acl-number [ name
acl-name ] [ match-order { auto |

config } ]

By default, no ACL exists.
IPv4 basic ACLs are numbered in
the range 2000 to 2999.
You can use the acl name acl-name

command to enter the view of a
named IPv4 ACL.

3.

Configure a description for
the IPv4 basic ACL.

description text

Optional.
By default, an IPv4 basic ACL has
no ACL description.

4.

Set the rule numbering step.

step step-value

Optional.
The default setting is 5.

5.

Create or edit a rule.

rule [ rule-id ] { deny | permit }
[ counting | fragment | logging |

source { sour-addr sour-wildcard |

any } | time-range
time-range-name | vpn-instance

vpn-instance-name ] *

By default, an IPv4 basic ACL does
not contain any rule.
The logging keyword supports only

the packet filter function.
When the device is a PE device,
the packets at the private network

side of a VPN cannot match the

vpn-instance vpn-instance-name
option. When the device is a MCE

device, packets of a VPN cannot

match the vpn-instance
vpn-instance-name option. For

more information about PE devices

and MCE devices, see MPLS
Configuration Guide.