beautypg.com

Configuring an ethernet frame header acl rule – H3C Technologies H3C SecPath F1000-E User Manual

Page 487

background image

9

Item Description

Destination IP Address

Destination Wildcard

Select the Destination IP Address check box and type a destination IP
address and destination wildcard, in dotted decimal notation.

VPN Instance

Specify the VPN instance.
If you select None, the rule is effective for only non-VPN packets.

Protocol

Select the protocol to be carried by IP.
If you select 1 ICMP, you can configure the ICMP message type and code; if
you select 6 TCP or 17 UDP, you can configure the TCP or UDP specific items.

ICMP Message

ICMP Type

ICMP Code

Specify the ICMP message type and code.
These items are available only when you select 1 ICMP from the Protocol
drop-down box.
If you select Others from the ICMP Message drop-down box, you need to
type values in the ICMP Type and ICMP Code fields. Otherwise, the two

fields will take the default values, which cannot be changed.

TCP Connection Established

If you select this check box, the rule matches packets used for establishing and
maintaining TCP connections.
This item is available only when you select 6 TCP from the Protocol

drop-down box.
On a firewall, a rule with this item configured matches TCP connection packets

with the ACK or RST flag.

Operator

Source

Port

Operator

Destination

Port

Select the operators and type the source port numbers and destination port
numbers as required.
These items are available only when you select 6 TCP or 17 UDP from the
Protocol drop-down box.
Different operators have different configuration requirements for the port

number fields:

None: The following port number fields cannot be configured.

inclusive range: The following port number fields must be configured to
define a port range.

Other values: The first port number field must be configured and the

second must not.

ToS

Specify the ToS preference.

Precedence

Specify the IP precedence.

DSCP

Specify the DSCP priority.

IMPORTANT:

If you configure the IP precedence or
ToS precedence in addition to the
DSCP priority, the DSCP priority
takes effect.


Return to

ACL configuration task list

.

Configuring an Ethernet Frame Header ACL Rule

Select Firewall > ACL from the navigation tree. Then, select the Ethernet frame header ACL for which
you want to configure ACL rules from the ACL list in the right pane and click the corresponding

icon

in the Operation column to list all existing rules of the ACL, as shown in

Figure 7

. Click Add to enter

the configuration page for Ethernet frame header ACL rules, as shown in

Figure 8

.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: