Copying an acl, Copying an ipv4 acl, Copying an ipv6 acl – H3C Technologies H3C SecPath F1000-E User Manual
Page 30: Enabling acl acceleration for an ipv4 acl
20
Step
Command
Remarks
5.
Create or edit a rule.
rule [ rule-id ] { deny | permit } [ cos
vlan-pri | counting | dest-mac
dest-addr dest-mask | { lsap
lsap-type lsap-type-mask | type
protocol-type protocol-type-mask }
| source-mac sour-addr
source-mask | time-range
time-range-name ] *
By default
,
an Ethernet frame
header ACL does not contain any
rule.
To create or edit multiple rules,
repeat this step.
6.
Configure or edit a rule
description.
rule rule-id comment text
Optional.
By default, an Ethernet frame
header ACL rule has no rule
description.
Copying an ACL
You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure that:
•
The destination ACL number is from the same category as the source ACL number.
•
The source ACL already exists but the destination ACL does not.
Copying an IPv4 ACL
Step Command
1.
Enter system view.
system-view
2.
Copy an existing IPv4 ACL to create a new IPv4
ACL.
acl copy { source-acl-number | name source-acl-name }
to { dest-acl-number | name dest-acl-name }
Copying an IPv6 ACL
Step Command
1.
Enter system view.
system-view
2.
Copy an existing IPv6 ACL to generate a new
one of the same category.
acl ipv6 copy { source-acl6-number | name
source-acl6-name } to { dest-acl6-number | name
dest-acl6-name }
Enabling ACL acceleration for an IPv4 ACL
Step Command
Remarks
1.
Enter system view.
system-view
N/A
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS