Configuring an acl in the web interface, Configuration task list, Creating an acl – H3C Technologies H3C SecPath F1000-E User Manual

4

For example, when you use a large ACL for a session-based service, such as NAT or ASPF, you can

enable ACL acceleration to avoid session timeouts caused by ACL processing delays.
Enable ACL acceleration in an ACL after you have finished editing ACL rules. ACL acceleration always

uses ACL criteria that have been set before it is enabled for rule matching. It does not synchronize with

any subsequent match criterion changes.

Configuring an ACL in the Web interface

Configuration task list

Table 2 ACL configuration task list

Task Remarks

Creating an ACL

Required
The category of the created ACL depends on the ACL number that
you specify.

Configuring a basic ACL rule

Required
Complete one of the three tasks according to the ACL category.

IMPORTANT:

•

Within an ACL, the permit or deny statement of each rule must
be unique. If the ACL rule you are creating or editing has the

same deny or permit statement as another rule in the ACL, your

creation or editing attempt will fail.

•

You can edit ACL rules only when the match order is config.

Configuring an advance ACL rule

Configuring an Ethernet frame header
ACL rule

Configuring ACL acceleration

Optional
Necessary only when the ACL contains a large number of ACL

rules.

IMPORTANT:

•

Only IPv4 basic ACLs and IPv4 advanced ACLs support ACL
acceleration.

•

ACL acceleration is not available for ACLs that contain a

non-contiguous wildcard mask, for example, 0.255.0.255.

•

After you modify an IPv4 ACL with ACL acceleration enabled,

disable and re-enable ACL acceleration to guarantee correct
rule matching.

Creating an ACL

After you select Firewall > ACL from the navigation tree, all existing ACLs will be displayed in the right
pane, as shown in

Figure 1

. Click Add to enter the ACL configuration page, as shown in

Figure 2

.