beautypg.com

Copying an acl, Copying an ipv4 acl – H3C Technologies H3C SR8800 User Manual

Page 20

background image

11

NOTE:

This feature is available only on SPC cards.

User-defined ACLs allow you to customize rules based on information in protocol headers such as the IP

header. You can define a user-defined ACL to deny or permit packets in which a specific number of bytes

after the specified offset (relative to the specified header), matches the specified match pattern after
being ANDed with a match pattern mask.
To configure a user-defined ACL:

Step

Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Set the ACL rule length limit

mode.

acl mode { 3 | 4 }

The default setting is 2.

3.

Create a user-defined ACL
and enter its view.

acl number acl-number [ name
acl-name ]

By default, no ACL exists, and the
match order of a user-defined ACL

is config.
User-defined ACLs are numbered
in the range 5000 to 5999.
You can use the acl name acl-name
command to enter the view of a

user-defined ACL.

4.

Configure a description for

the user-defined ACL.

description text

Optional.
By default, a user-defined ACL has

no ACL description.

5.

Create or edit a rule.

rule [ rule-id ] { deny | permit }
[ { { ipv4 | ipv6 | l2 | l4 } rule-string
rule-mask offset }&<1-8> ]

[ counting | time-range

time-range-name ] *

By default, a user-defined ACL
does not contain any rule.
To create or edit multiple rules,
repeat this step.

6.

Configure or edit a rule
description.

rule rule-id comment text

Optional.
By default, a user-defined ACL rule
has no rule description.

7.

Enable rule match counting
for the user-defined ACL.

hardware-count enable

Optional.
By default, rule match counting is
disabled.

Copying an ACL

You can create an ACL by copying an existing ACL. The new ACL has the same properties and content

as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure that:

The destination ACL number is from the same category as the source ACL number.

The source ACL already exists but the destination ACL does not.

Copying an IPv4 ACL

To copy an IPv4 ACL:

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: