Configuring an advanced acl, Configuring an ipv4 advanced acl – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

| To do… | Use the command… | Remarks |
|---|---|---|
| Create or edit a rule | rule [ rule-id ] { deny \| permit } [ fragment \| source { ipv6-address prefix-length \| ipv6-address/prefix-length \| any } \| time-range time-range-name ] * | Required. By default, an IPv6 basic ACL does not contain any rule. |
| Add or edit a rule comment | rule rule-id comment text | Optional. By default, an IPv6 basic ACL rule has no rule description. |

Configuring an advanced ACL

Configuring an IPv4 advanced ACL

IPv4 advanced ACLs match packets based on source IP addresses, destination IP addresses, packet priorities, protocols over IP, and other protocol header information, such as TCP/UDP source and destination port numbers, TCP flags, ICMP message types, and ICMP message codes. Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.

Follow these steps to configure an IPv4 advanced ACL:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | –– |
| Create an IPv4 advanced ACL and enter its view | acl number acl-number [ name acl-name ] [ match-order { auto \| config } ] | Required. By default, no ACL exists. IPv4 advanced ACLs are numbered in the range 3000 to 3999. You can use the acl name acl-name command to enter the view of a named IPv4 ACL. |
| Configure a description for the IPv4 advanced ACL | description text | Optional. By default, an IPv4 advanced ACL has no ACL description. |
| Set the rule numbering step | step step-value | Optional. 5 by default. |
| Create or edit a rule | rule [ rule-id ] { deny \| permit } protocol [ { { ack ack-value \| fin fin-value \| psh psh-value \| rst rst-value \| syn syn-value \| urg urg-value } * \| established } \| destination { dest-addr dest-wildcard \| any } \| destination-port operator port1 [ port2 ] \| dscp dscp \| fragment \| icmp-type { icmp-type [ icmp-code ] \| icmp-message } \| precedence precedence \| source { sour-addr sour-wildcard \| any } \| source-port operator port1 [ port2 ] \| time-range time-range-name \| tos tos ] * | Required. By default, an IPv4 advanced ACL does not contain any rule. |
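As an added example that is not part of the H3C manual, the following Python model lets you check offline what a set of advanced-ACL rules will permit or deny before the ACL is applied on a switch. It models only the ACL number range, the step command, match-order config and the protocol, source, destination and destination-port rule keywords from the table above; the class and function names are hypothetical, and it assumes Comware conventions that the page does not spell out: wildcard masks are inverse masks (set bits are ignored), an unnumbered rule receives the next multiple of the step above the largest existing rule ID (0 for the first rule), and match-order config compares rules in ascending rule-ID order.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
ANY = ("0.0.0.0", "255.255.255.255")  # "any": address 0.0.0.0 with an all-ones wildcard

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    # Assumption (Comware convention): wildcard masks are inverse masks, a set bit means "ignore this bit"
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def port_match(spec: Optional[tuple], port: int) -> bool:
    # spec is (operator, port1[, port2]) as in "destination-port operator port1 [ port2 ]"
    if spec is None:
        return True
    op, p1, *rest = spec
    if op == "range":
        return p1 <= port <= rest[0]
    return {"eq": port == p1, "neq": port != p1, "lt": port < p1, "gt": port > p1}[op]

@dataclass
class Rule:
    action: str                     # permit | deny
    protocol: str                   # ip | tcp | udp | icmp ("ip" matches every protocol)
    source: tuple = ANY             # (sour-addr, sour-wildcard)
    destination: tuple = ANY        # (dest-addr, dest-wildcard)
    dest_port: Optional[tuple] = None
    rule_id: Optional[int] = None   # None: let the ACL auto-number the rule

    def matches(self, pkt: dict) -> bool:
        return (self.protocol in ("ip", pkt["proto"])
                and wildcard_match(pkt["src"], *self.source)
                and wildcard_match(pkt["dst"], *self.destination)
                and port_match(self.dest_port, pkt.get("dport", 0)))

class AdvancedAcl:
    # Hypothetical model of "acl number acl-number match-order config" together with "step step-value"
    def __init__(self, number: int, step: int = 5):
        if not 3000 <= number <= 3999:
            raise ValueError("IPv4 advanced ACLs are numbered 3000 to 3999")
        self.number, self.step, self.rules = number, step, []

    def rule(self, r: Rule) -> Rule:
        if r.rule_id is None:  # assumption: auto-number = next multiple of step above the largest ID
            ids = [x.rule_id for x in self.rules]
            r.rule_id = 0 if not ids else (max(ids) // self.step + 1) * self.step
        self.rules = [x for x in self.rules if x.rule_id != r.rule_id] + [r]  # reusing an ID edits it
        return r

    def lookup(self, pkt: dict) -> Optional[Rule]:
        # match-order config: compare rules in ascending rule-ID order; the first hit decides
        return next((r for r in sorted(self.rules, key=lambda x: x.rule_id) if r.matches(pkt)), None)
```

With the default step of 5, a permit-tcp rule followed by an unnumbered "rule deny ip" catch-all lands at IDs 0 and 5, so a packet that misses the permit rule is decided by the deny rule even if a later, more specific permit rule is added with a higher ID.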