Configuring acls at the cli, Configuration task list, Configuring a basic acl – H3C Technologies H3C SecBlade LB Cards User Manual
Page 39: Configuring an ipv4 basic acl
28
Configuring ACLs at the CLI
Configuration task list
Task Remarks
Required.
Configure at least one task.
Applicable to IPv4 and IPv6.
Configuring an Ethernet frame header ACL
Optional.
Applicable to IPv4 and IPv6.
Enabling ACL acceleration for an IPv4 basic or IPv4
advanced ACL
Optional.
Configuring a basic ACL
Configuring an IPv4 basic ACL
IPv4 basic ACLs match packets based only on source IP addresses.
To configure an IPv4 basic ACL:
Step
Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create an IPv4
basic ACL and
enter its view.
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
By default, no ACL exists.
IPv4 basic ACLs are numbered in the range of
2000 to 2999.
You can use the acl name acl-name command
to enter the view of a named ACL.
3.
Configure a
description for the
IPv4 basic ACL.
description text
Optional.
By default, an IPv4 basic ACL has no ACL
description.
4.
Set the rule
numbering step.
step step-value
Optional.
The default setting is 5.
5.
Create or edit a
rule.
rule [ rule-id ] { deny | permit }
[ counting | fragment | logging |
source { source-address
source-wildcard | any } |
time-range time-range-name |
vpn-instance vpn-instance-name ]
*
By default, an IPv4 basic ACL does not contain
any rule.
The logging keyword takes effect only when
the module that uses the ACL supports logging.
The device does not support the counting
keyword.
6.
Add or edit a rule
comment.
rule rule-id comment text
Optional.
By default, no rule comments are configured.