beautypg.com

Configuring a basic acl, Configuring an ipv4 basic acl – H3C Technologies H3C SR8800 User Manual

Page 15

background image

6

Step Command

Remarks

2.

Configure a time range.

time-range time-range-name
{ start-time to end-time days [ from

time1 date1 ] [ to time2 date2 ] |

from time1 date1 [ to time2 date2 ]
| to time2 date2 }

By default, no time range exists.
Repeat this command with the

same time range name to create
multiple statements for a time

range.

You can create multiple statements in a time range. The active period of a time range is calculated as

follows:

1.

Combining all periodic statements

2.

Combining all absolute statements

3.

Taking the intersection of the two statement sets as the active period of the time range

You can create a maximum of 256 time ranges, each with a maximum of 32 periodic statements and 12
absolute statements.

Configuring a basic ACL

Configuring an IPv4 basic ACL

IPv4 basic ACLs match packets based only on source IP addresses.
To configure an IPv4 basic ACL:

Step

Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an IPv4 basic ACL
and enter its view.

acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]

By default, no ACL exists.
IPv4 basic ACLs are numbered in the
range 2000 to 2999.
You can use the acl name acl-name
command to enter the view of a named

IPv4 ACL.

3.

Configure a description

for the IPv4 basic ACL.

description text

Optional.
By default, an IPv4 basic ACL has no

ACL description.

4.

Set the rule numbering
step.

step step-value

Optional.
The default setting is 5.

5.

Create or edit a rule.

rule [ rule-id ] { deny | permit }
[ counting | fragment | logging |

source { sour-addr sour-wildcard |

any } | time-range
time-range-name | vpn-instance

vpn-instance-name ] *

By default, an IPv4 basic ACL does not
contain any rule.
To create or edit multiple rules, repeat
this step.
The logging keyword takes effect only

when the module (for example, a
packet-filter firewall) that uses the ACL

supports logging.

6.

Configure or edit a rule
description.

rule rule-id comment text

Optional.
By default, an IPv4 ACL rule has no rule
description.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: