Displaying and maintaining acls, Acl configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

Page 31

Step Command

Remarks

Enable ACL acceleration for

an IPv4 ACL.

acl accelerate number acl-number

Disabled by default.
The ACL must exist.
Only IPv4 basic ACLs and

advanced ACLs support ACL
acceleration.

CAUTION:
•

ACL acceleration is not available for ACLs that contain a non-contiguous wildcard mask.

•

This feature occupies system memory. Use this feature with caution.

•

After you modify an IPv4 ACL with ACL acceleration enabled, disable and re-enable ACL acceleration
to guarantee correct rule matching.

Displaying and maintaining ACLs

Task Command

Remarks

Display configuration and match
statistics for one or all IPv4 ACLs.

display acl { acl-number | all | name
acl-name } [ | { begin | exclude | include }
regular-expression ]

Available in any view

Display information about the IPv4
ACL acceleration feature.

display acl accelerate { acl-number | all } [ |
{ begin | exclude | include }

regular-expression ]

Available in any view

Display configuration and match
statistics for one or all IPv6 ACLs.

display acl ipv6 { acl6-number | all | name
acl6-name } [ | { begin | exclude | include }

regular-expression ]

Available in any view

Clear statistics for one or all IPv4
ACLs.

reset acl counter { acl-number | all | name
acl-name }

Available in user view

Clear statistics for one or all IPv6
basic and advanced ACLs.

reset acl ipv6 counter { acl6-number | all |
name acl6-name }

Available in user view

ACL configuration example

NOTE:

IPv4 ACL application usually works with NAT. For IPv4 ACL configuration examples, see

NAT

Configuration Guide.

Network requirements

A company interconnects its departments through SecPath. Configure an ACL to:

•

Permit access from the President's office at any time to the financial database server.

•

Permit access from the Financial department to the database server only during working hours (from
8:00 to 18:00) on working days.

•

Deny access from any other department to the database server.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS