H3C Technologies H3C S7500E Series Switches User Manual
To do: Create an IPv4 advanced ACL and enter its view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. IPv4 advanced ACLs are numbered in the range 3000 to 3999. You can use the acl name acl-name command to enter the view of an existing named IPv4 ACL.

To do: Configure a description for the IPv4 advanced ACL
Use the command: description text
Remarks: Optional. By default, an IPv4 advanced ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ { established | { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * } | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] *
Remarks: Required. By default, an IPv4 advanced ACL does not contain any rule. To create or edit multiple rules, repeat this step.
Note that if the ACL is to be referenced by a QoS policy for traffic classification, the logging, reflective and vpn-instance keywords are not supported and the operator argument cannot be:
- neq, if the policy is for the inbound traffic,
- gt, lt, neq or range, if the policy is for the outbound traffic.

To do: Configure or edit a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, an IPv4 ACL rule has no rule description.
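
The QoS restriction in the remarks on the rule command can be checked before an ACL is referenced by a QoS policy. The following is an added example, not part of the H3C manual: the function name, the sample ACL and its addresses are constructed for illustration, and the parser assumes one command per line in the syntax shown above.

```python
# Restrictions stated in the remarks for ACLs referenced by a QoS policy.
UNSUPPORTED_KEYWORDS = {"logging", "reflective", "vpn-instance"}
FORBIDDEN_OPERATORS = {            # keyed by direction of the QoS policy
    "inbound": {"neq"},
    "outbound": {"gt", "lt", "neq", "range"},
}
PORT_KEYWORDS = {"source-port", "destination-port"}
NAMED_ARGS = {"time-range", "vpn-instance"}   # next token is a name, not a keyword

# Constructed sample configuration (names, addresses and rules are made up).
SAMPLE_ACL = """\
acl number 3000 name web-in
 description Constructed sample for the QoS check
 step 5
 rule 0 permit tcp source 10.1.1.0 0.0.0.255 destination 10.2.2.0 0.0.0.255 destination-port eq 80
 rule 5 permit tcp source any destination any destination-port range 8000 8080
 rule 10 deny udp destination-port neq 53 logging
 rule 10 comment logging of non-DNS traffic
 rule 15 permit ip time-range logging
"""

def qos_violations(acl_text, direction):
    """Return (rule_id, problem) pairs for rules a QoS policy cannot use."""
    forbidden_ops = FORBIDDEN_OPERATORS[direction]
    findings = []
    for line in acl_text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "rule":
            continue                      # acl, description and step lines
        if len(tokens) > 2 and tokens[2] == "comment":
            continue                      # "rule rule-id comment text" is free text
        rule_id = tokens[1] if tokens[1].isdigit() else "auto"
        i = 1
        while i < len(tokens):
            tok = tokens[i]
            if tok in UNSUPPORTED_KEYWORDS:
                findings.append((rule_id, f"keyword '{tok}' not supported"))
            if tok in PORT_KEYWORDS and i + 1 < len(tokens) and tokens[i + 1] in forbidden_ops:
                findings.append((rule_id, f"{tok} operator '{tokens[i + 1]}' not allowed {direction}"))
            i += 2 if tok in NAMED_ARGS else 1   # skip the name after time-range / vpn-instance
    return findings

if __name__ == "__main__":
    for direction in FORBIDDEN_OPERATORS:
        for rule_id, problem in qos_violations(SAMPLE_ACL, direction):
            print(f"{direction}: rule {rule_id}: {problem}")
```

Rule 15 in the sample uses a time range that happens to be named "logging"; it is not reported, because the token after time-range is treated as a name rather than a keyword.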
Note that: