Copying an ACL – H3C Technologies H3C SecBlade LB Cards User Manual
2. Create an Ethernet frame header ACL and enter its view.
   Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. Ethernet frame header ACLs are numbered in the range of 4000 to 4999. You can use the acl name acl-name command to enter the view of a named Ethernet frame header ACL.

3. Configure a description for the Ethernet frame header ACL.
   Command: description text
   Remarks: Optional. By default, an Ethernet frame header ACL has no ACL description.

4. Set the rule numbering step.
   Command: step step-value
   Remarks: Optional. The default setting is 5.

5. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-address dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address source-mask | time-range time-range-name ] *
   Remarks: By default, an Ethernet frame header ACL does not contain any rule. The device does not support the counting keyword.

6. Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: Optional. By default, no rule comments are configured.

7. Add or edit a rule range remark.
   Command: rule [ rule-id ] remark text
   Remarks: Optional. By default, no rule range remarks are configured.

Copying an ACL
You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure:
• The destination ACL number is from the same category as the source ACL number.
• The source ACL already exists, but the destination ACL does not.
Copying an IPv4 basic, IPv4 advanced, or Ethernet frame header ACL
1. Enter system view.
   Command: system-view

2. Copy an existing IPv4 basic, IPv4 advanced, or Ethernet frame header ACL to create a new ACL.
   Command: acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }
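
The two copy preconditions above can be checked before a change is pushed to the device. The following is an added example, not part of the H3C manual: the function names and the sample inventory are hypothetical, and the IPv4 basic (2000 to 2999) and IPv4 advanced (3000 to 3999) ranges are assumed from the usual Comware numbering, since this page states only the Ethernet frame header range.

```python
import re

# Number ranges per category. Only the Ethernet frame header range is stated on
# this page; the two IPv4 ranges are assumed from the usual Comware numbering.
CATEGORIES = {
    "ipv4-basic": range(2000, 3000),
    "ipv4-advanced": range(3000, 4000),
    "ethernet-frame-header": range(4000, 5000),
}

# acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }
COPY_RE = re.compile(
    r"^acl\s+copy\s+(?:(\d+)|name\s+(\S+))\s+to\s+(?:(\d+)|name\s+(\S+))$"
)

def category(number):
    """Return the ACL category a number belongs to, or None."""
    for name, numbers in CATEGORIES.items():
        if number in numbers:
            return name
    return None

def check_acl_copy(command, existing):
    """Return a list of problems; an empty list means both preconditions hold.

    existing maps ACL number -> ACL name (None for an unnamed ACL).
    """
    m = COPY_RE.match(command.strip())
    if not m:
        return ["not an 'acl copy' command"]
    src_num, src_name, dst_num, dst_name = m.groups()
    by_name = {name: num for num, name in existing.items() if name}
    problems = []
    # Precondition: the source ACL already exists.
    source = int(src_num) if src_num else by_name.get(src_name)
    if source not in existing:
        problems.append("source ACL does not exist")
        source = None
    # Precondition: the destination ACL does not exist (by name or number).
    if dst_name and dst_name in by_name:
        problems.append("destination ACL already exists")
    if dst_num:
        dest = int(dst_num)
        if dest in existing:
            problems.append("destination ACL already exists")
        # Precondition: destination number is in the source's category.
        if category(dest) is None:
            problems.append("destination number is not in a supported category")
        elif source is not None and category(dest) != category(source):
            problems.append("destination number is not in the source's category")
    return problems

# Constructed sample inventory of ACLs already configured on the device.
EXISTING = {2000: None, 3000: "web-in", 4000: "l2-filter"}
```
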