Configuring an ipv4 basic acl, Configuring a basic acl – H3C Technologies H3C S10500 Series Switches User Manual
| To do… | Use the command… | Remarks |
|---|---|---|
| Configure a time range | time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] \| from time1 date1 [ to time2 date2 ] \| to time2 date2 } | Required. By default, no time range exists. Repeat this command with the same time range name to create multiple statements for a time range. |
Configuring a basic ACL
Configuring an IPv4 basic ACL
IPv4 basic ACLs match packets based only on source IP addresses.
Follow these steps to configure an IPv4 basic ACL:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Create an IPv4 basic ACL and enter its view | acl number acl-number [ name acl-name ] [ match-order { auto \| config } ] | Required. By default, no ACL exists. IPv4 basic ACLs are numbered in the range of 2000 to 2999. You can use the acl name acl-name command to enter the view of a named IPv4 ACL. |
| Configure a description for the IPv4 basic ACL | description text | Optional. By default, an IPv4 basic ACL has no ACL description. |
| Set the rule numbering step | step step-value | Optional. 5 by default. |
| Create or edit a rule | rule [ rule-id ] { deny \| permit } [ counting \| fragment \| logging \| source { sour-addr sour-wildcard \| any } \| time-range time-range-name \| vpn-instance vpn-instance-name ] * | Required. By default, an IPv4 basic ACL does not contain any rule. If the ACL is for QoS traffic classification or packet filtering, do not specify the vpn-instance keyword. This keyword can cause ACL application failure. The logging and counting keywords (even if specified) do not take effect for QoS policies. |
| Add or edit a rule comment | rule rule-id comment text | Optional. By default, an IPv4 ACL rule has no rule description. |
| Add or edit a rule range remark | rule [ rule-id ] remark text | Optional. By default, no rule range remarks are configured. |
| Enable counting ACL rule matches performed in hardware | hardware-count enable | Optional. Disabled by default. When the ACL is referenced by a QoS policy, this command does not take effect. |
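
The rule command above takes a source address with a wildcard mask. As an added example (not from the H3C manual), the Python code below parses rule lines of that form, evaluates them in ascending rule-ID order as with match-order config, and reports rules that an earlier rule makes unreachable. The sample rules are constructed, a rule without the source keyword is assumed to match any source, and rules using time-range, fragment or vpn-instance are rejected rather than modelled.

```python
import ipaddress

# Constructed sample: rule lines as typed in IPv4 basic ACL view (not from the manual).
SAMPLE_ACL = """\
rule 0 permit source 10.1.1.0 0.0.0.255
rule 5 deny source 10.1.0.0 0.0.255.255 logging
rule 10 permit source 10.1.2.7 0.0.0.0
rule 15 deny source any
"""

ALL = 0xFFFFFFFF
UNMODELLED = {"time-range", "fragment", "vpn-instance"}  # conditional matches, out of scope

def parse_rule(line):
    """Return (rule_id, action, addr, wildcard) for one rule line with an explicit ID."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "rule" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a rule line: {line!r}")
    if UNMODELLED & set(tok):
        raise ValueError(f"keyword not modelled here: {line!r}")
    addr, wild = 0, ALL  # assumption: no source keyword behaves like 'source any'
    if "source" in tok and tok[tok.index("source") + 1] != "any":
        i = tok.index("source")
        addr = int(ipaddress.IPv4Address(tok[i + 1]))
        wild = int(ipaddress.IPv4Address(tok[i + 2]))
    return int(tok[1]), tok[2], addr, wild

def load(text):
    """Parse all rules and sort by rule ID, the order used with match-order config."""
    return sorted(parse_rule(l) for l in text.splitlines() if l.strip())

def evaluate(rules, ip):
    """First matching rule wins; wildcard bits set to 1 are 'don't care'."""
    x = int(ipaddress.IPv4Address(ip))
    for rule_id, action, addr, wild in rules:
        if ((x ^ addr) & ~wild & ALL) == 0:
            return action, rule_id
    return None  # no rule matched; the outcome then depends on where the ACL is applied

def shadowed(rules):
    """Return (rule_id, earlier_id) pairs where the later rule can never be hit."""
    out = []
    for n, (rid, _, addr, wild) in enumerate(rules):
        for eid, _, eaddr, ewild in rules[:n]:
            # Earlier rule covers this one: it ignores at least the same bits
            # and agrees on every bit it does compare.
            if (wild & ~ewild & ALL) == 0 and ((addr ^ eaddr) & ~ewild & ALL) == 0:
                out.append((rid, eid))
                break
    return out
```

On the sample, rule 10 is reported as shadowed by rule 5: the host it permits falls inside the range that rule 5 already denies, so the permit would need a lower rule ID to take effect.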