Managing acl templates in imc, Creating templates in acl management, Viewing acl templates – H3C Technologies H3C Intelligent Management Center User Manual
After you change the options, go to the ACL device page to synchronize ACL devices.
5. Click OK.
Managing ACL templates in IMC
ACL templates in ACL Management are containers for the configuration options required to create an
ACL or to maintain the template. An ACL template holds configuration and can be imported into an
ACL resource. Resources are ACLs that contain one or more rule sets and can be deployed to devices
managed by IMC that support ACLs.
Rules, which are grouped to form rule sets, are the core of an ACL. A rule contains conditions that define
whether or not traffic is forwarded by a device. A rule includes a rule number, the action to be taken
(whether traffic is permitted or denied), and a pattern that is matched against the contents of every
packet to determine whether or not the packet is forwarded. The pattern can be an IP or MAC address,
a range of addresses and their masks, a Layer 4 port number, or a hexadecimal string with an offset
value that identifies where in the packet pattern matching begins. Rules may also identify the protocol
or type of traffic that the action applies to, along with protocol-specific configuration options. Rules
can also include time ranges and options specific to the protocol identified in the rule or to the type
of ACL and rule.
There are four types of ACLs that can be created in IMC and four types of templates:
• Basic: Allows you to create rules based on source IP addresses.
• Advanced: Allows you to create rules based on Layer 3 and Layer 4 information including IP source
  and destination addresses, TCP and UDP port information, and protocol specific options.
• Link: Allows you to create rules based on Layer 2 information including MAC source and
  destination addresses, VLAN priority information as well as link layer protocol type.
• User-Defined: Allows you to define a hexadecimal pattern and mask and the offset in the packet
  header where pattern matching begins. When a pattern is matched, the actions specified in the
  rule in the ACL template are applied. A valid numeric range for assigning ACL Identifiers to
  user-defined ACLs is 5000-5999.
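As an added illustration (not part of the H3C manual and not IMC code), the following Python example evaluates user-defined rules, each with a hexadecimal pattern, a mask, and an offset, against packet bytes. The mask semantics (1 bits are compared), evaluation in ascending rule-number order with the first match winning, the default action, and all names and sample packets are assumptions.

```python
from dataclasses import dataclass

USER_DEFINED_ACL_IDS = range(5000, 6000)  # 5000-5999, the range stated above

@dataclass(frozen=True)
class Rule:
    number: int     # rule number
    action: str     # "permit" or "deny"
    pattern: bytes  # pattern to match, parsed from a hexadecimal string
    mask: bytes     # assumption: a 1 bit means "compare this bit"
    offset: int     # assumption: byte offset from the start of the bytes supplied

    def matches(self, packet: bytes) -> bool:
        window = packet[self.offset:self.offset + len(self.pattern)]
        if len(window) < len(self.pattern):
            return False  # packet too short to hold the pattern at this offset
        return all((w & m) == (p & m)
                   for w, p, m in zip(window, self.pattern, self.mask))

def make_rule(number, action, pattern_hex, mask_hex, offset):
    pattern, mask = bytes.fromhex(pattern_hex), bytes.fromhex(mask_hex)
    if action not in ("permit", "deny"):
        raise ValueError(f"rule {number}: unknown action {action!r}")
    if not pattern or len(pattern) != len(mask) or offset < 0:
        raise ValueError(f"rule {number}: bad pattern, mask or offset")
    return Rule(number, action, pattern, mask, offset)

def evaluate(acl_id, rules, packet, default="deny"):
    """Return (action, rule number) of the first matching rule.
    Assumptions: rules are tried in ascending rule number, and `default`
    applies when no rule matches."""
    if acl_id not in USER_DEFINED_ACL_IDS:
        raise ValueError(f"ACL {acl_id} is outside 5000-5999")
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(packet):
            return rule.action, rule.number
    return default, None

# Constructed sample data: two 20-byte IPv4 headers (no link-layer header).
TCP_FROM_LAN = bytes.fromhex("45 00 00 28 00 01 00 00 40 06 00 00 c0 a8 01 0a 0a 00 00 01")
UDP_FROM_ELSEWHERE = bytes.fromhex("45 00 00 1c 00 02 00 00 40 11 00 00 ac 10 00 01 0a 00 00 01")
RULES = [
    make_rule(10, "permit", "06", "ff", 9),              # IPv4 protocol byte is TCP
    make_rule(0, "deny", "c0a80100", "ffffff00", 12),    # source in 192.168.1.0/24
]
```

Calling evaluate(5000, RULES, TCP_FROM_LAN) returns the action and number of the rule that decided the packet, which makes rule ordering mistakes visible before a template is deployed.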
Creating templates in ACL management
To create templates in ACL Management:
1. Define the Services, Net Address Groups, and Time Ranges using the Assistant in the configuration
   ACL templates.
2. Create an ACL template using the Services, Net Address Groups, and Time Ranges created in the
   Assistant to configure many of the template's options, including rule sets in the template.
3. Modify options, copy templates, import into an existing ACL.
4. Deploy to one or more devices using the ACL Deployment wizard.
Viewing ACL templates
ACL Management provides you with a single portal for accessing all ACL templates. From the
Template List, you can view a list of all ACL templates as well as navigate to the View Template page for
viewing detailed information for each ACL template. From this page, you can navigate to the View Rule
page for viewing detailed information for every rule in an ACL template.