Configuring a basic acl, Configuring an ipv4 basic acl – H3C Technologies H3C S7500E Series Switches User Manual

1-7

Configuring a Basic ACL

Configuring an IPv4 basic ACL

IPv4 basic ACLs match packets based on only source IP address.

Follow these steps to configure an IPv4 basic ACL:

To do…

Use the command…

Remarks

Enter system view

system-view

––

Create an IPv4 basic ACL and

enter its view

acl number acl-number [ name

acl-name ] [ match-order { auto |

config } ]

Required

By default, no ACL exists.

IPv4 basic ACLs are numbered in

the range 2000 to 2999.

You can use the acl name

acl-name command to enter the

view of an existing named IPv4

ACL.

Configure a description for the

IPv4 basic ACL

description text

Optional

By default, an IPv4 basic ACL has

no ACL description.

Set the rule numbering step

step step-value

Optional

5 by default.

Create or edit a rule

rule [ rule-id ] { deny | permit }

[ fragment | logging | source

{ sour-addr sour-wildcard | any } |

time-range time-range-name |

vpn-instance

vpn-instance-name ]*

Required

By default, an IPv4 basic ACL

does not contain any rule.

To create or edit multiple rules,

repeat this step.

Note that the logging and

vpn-instance keywords are not

supported if the ACL is to be

referenced by a QoS policy for

traffic classification.

Configure or edit a rule description rule rule-id comment text

Optional

By default, an IPv4 ACL rule has

no rule description.

Note that:

z

You can only modify the existing rules of an ACL that uses the match order of config. When

modifying a rule of such an ACL, you may choose to change just some of the settings, in which

case the other settings remain the same.