beautypg.com

Managing acl templates in imc, Creating templates in acl management, Viewing acl templates – H3C Technologies H3C Intelligent Management Center User Manual

Page 804

background image

790

After you change the options, go to the ACL device page to synchronize ACL devices.

5.

Click OK.

Managing ACL templates in IMC

ACL Templates in ACL Management are a container for the configuration options required to create an

ACL or to maintain the template. The ACL template contains configuration and can be imported into an

ACL resource. Resources are ACLs that contain one or more rule sets and can be deployed to devices

managed by IMC that support ACLs.
Rules, which are grouped to form rule sets, are the core of an ACL. A rule contains conditions that define

whether or not traffic is forwarded by a device or not. A rule includes a rule number, the action that to be

taken in the rule- whether traffic is permitted or denied, and a pattern for matching against the contents

of every packet to determine whether or not the packet is forwarded. The pattern to match can be an IP
or MAC address, range of addresses and their masks or a Layer 4 port number, or a hexadecimal string

and an offset value that identifies where in the packet to begin the pattern matching. Rules may also

include identification of the protocol or type of traffic that the action to be taken for and protocol specific

configuration options. Rules can also include time ranges and options specific to the protocol identified

in the rule or the type of ACL and rule.
There are four types of ACLs that can be created in IMC and four types of templates:

Basic: Allows you to create rules based on source IP addresses.

Advanced: Allows you to create rules based on Layer 3 and Layer 4 information including IP source
and destination addresses, TCP and UDP port information, and protocol specific options.

Link: Allows you to create rules based on Layer 2 information including MAC source and
destination addresses, VLAN priority information as well as link layer protocol type.

User-Defined. Allows you to define a hexadecimal pattern and mask and the offset in the packet
header where pattern matching begins. When a pattern is matched, the actions specified in the

rule in the ACL template are applied. A valid numeric range for assigning ACL Identifiers to
user-defined ACLs is 5000-5999.

Creating templates in ACL management

To create templates in ACL Management:

1.

Define the Services, Net Address Groups, and Time Ranges using the Assistant in the configuration
ACL templates.

2.

Create an ACL template using the services, Net Address Groups and Time Ranges created in the
Assistant to configure many of the template's options, including rule sets in the template.

3.

Modify options, copy templates, import into an existing ACL.

4.

Deploy to one or more devices using the ACL Deployment wizard.

Viewing ACL templates

The ACL Management provides you with a single portal for accessing all ACL templates. From the

Template List, you can view a list of all ACL templates as well as navigate to the View Template page for

viewing detailed information for each ACL template. From this page, you can navigate to the View Rule
page for viewing detailed information for every rule in an ACL template.