Copying an ipv6 basic or ipv6 advanced acl, Displaying and maintaining acls – H3C Technologies H3C SecBlade LB Cards User Manual
Page 44
33
Copying an IPv6 basic or IPv6 advanced ACL
Step Command
1.
Enter system view.
system-view
2.
Copy an existing IPv6 basic or
IPv6 advanced ACL to create
a new ACL.
acl ipv6 copy { source-acl6-number | name source-acl6-name } to
{ dest-acl6-number | name dest-acl6-name }
Enabling ACL acceleration for an IPv4 basic or IPv4 advanced
ACL
CAUTION:
•
ACL acceleration is not available for ACLs that contain a non-contiguous wildcard mask.
•
After you modify an ACL with ACL acceleration enabled, disable and re-enable ACL acceleration to
ensure correct rule matching.
ACL acceleration speeds up ACL lookup. The acceleration effect increases with the number of ACL rules.
ACL acceleration uses memory. To achieve the best trade-off between memory and ACL processing
performance, H3C recommends enabling ACL acceleration for large ACLs.
For example, when you use a large ACL for a session-based service, such as NAT, you can enable ACL
acceleration to avoid session timeouts caused by ACL processing delays.
Enable ACL acceleration in an ACL after you have finished editing ACL rules. ACL acceleration always
uses ACL criteria that have been set before it is enabled for rule matching. It does not synchronize with
any subsequent match criterion changes.
To enable ACL acceleration for an IPv4 basic or IPv4 advanced ACL:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable ACL
acceleration for an
IPv4 basic or IPv4
advanced ACL.
acl accelerate number
acl-number
By default, the function is disabled.
The ACL must exist.
Only IPv4 basic ACLs and advanced ACLs support
ACL acceleration.
Displaying and maintaining ACLs
Task Command
Remarks
Display configuration and match
statistics for IPv4 basic, IPv4
advanced, and Ethernet frame
header ACLs.
display acl { acl-number | all | name
acl-name } [ | { begin | exclude | include }
regular-expression ]
Available in any view.