Adding an advanced rule to an advanced template – H3C Technologies H3C Intelligent Management Center User Manual

Adding an advanced rule to an advanced template

To add an advanced rule to an advanced ACL template:

1. Navigate to ACL Template:

   a. Click the Service tab from the tabular navigation system on the top.

   b. Click the ACL Management section of the navigation tree on the left.

   c. Click the ACL Template link located under ACL Management on the navigation tree on the left.
      The Template List displays in the main pane of the page.

2. Click the icon in the Modify field associated with the advanced template you want to modify.
   The Modify Template page appears.

3. Click Add Rule to add a rule to the ACL template.
   The Add Advanced Rule page appears.

4. Select the protocol for which you want to permit or deny traffic from the Protocol list.

5. Select the action you want to take by clicking the radio button to the left of the option you want to apply to this rule:

   - Select permit if, upon matching the specified conditions, the packet should be forwarded.

   - Select deny if, upon matching the specified conditions, the packet should be discarded.

6. Enter a named variable for this ACL template in the Time Range field. This lets you create a named variable without having to enter the time range in the template.
   The named variable then serves as a placeholder for the Time Range you created using the Assistant combination when you import the template as a rule set into an existing ACL.

7. Select the source IP address option you want to use by clicking the radio button to the left of the desired option in the Source Address field in the Basic Info section.
   This option specifies where the pattern matching occurs in this template rule. In this case, the pattern matching is applied to the source IP address.

   - All: Allows you to permit or deny traffic for all IP addresses.

   - IP Address/Mask: Allows you to enter a specific IP address and its subnet mask for which you want to either permit or deny traffic.

     a. Enter an IP address/subnet mask combination in the IP Address/Mask field.
        The subnet mask must be entered in dotted decimal notation. A valid IP address/subnet mask using dotted decimal notation would be 192.168.1.0/255.255.255.0
        A forward slash "/" must be used to separate the IP address from the subnet mask.

   - Variable Address: Allows you to create a named variable without requiring you to enter the IP addresses/masks in the template. The named variable then serves as a placeholder for the Net Address Group you created using the Assistant combination when you import the template as a rule set into an existing ACL.

     b. Enter a name for this variable in the field to the right.

8. Select the destination IP address option you want to use by clicking the radio button to the left of the desired option in the Destination Address field in the Basic Info section.
   This option specifies where the pattern matching occurs in this template rule. In this case, the pattern matching is applied to the destination IP address.

   - All: Allows you to permit or deny traffic for all IP addresses.
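
The IP Address/Mask format described in step 7 can be checked before it is typed into a template. The following is an added example, not part of the H3C manual or of IMC: the function name check_address_mask is hypothetical, and the contiguity, 0.0.0.0 and host-bit checks are review aids assumed here, beyond the two requirements the manual states (a "/" separator and a dotted decimal mask).

```python
import ipaddress


def check_address_mask(entry: str) -> list[str]:
    """Return the problems found in an 'address/mask' entry; empty means none."""
    if entry.count("/") != 1:
        return ["expected exactly one '/' between address and mask"]
    addr_text, mask_text = (part.strip() for part in entry.split("/"))
    try:
        addr = int(ipaddress.IPv4Address(addr_text))
    except ipaddress.AddressValueError:
        return [f"invalid IPv4 address: {addr_text!r}"]
    # The manual requires dotted decimal, so a prefix length such as "24" fails.
    if mask_text.count(".") != 3:
        return [f"mask must be dotted decimal, got {mask_text!r}"]
    try:
        mask = int(ipaddress.IPv4Address(mask_text))
    except ipaddress.AddressValueError:
        return [f"invalid mask: {mask_text!r}"]
    # A subnet mask is a run of 1 bits followed by 0 bits, so its inverse
    # must have the form 2**n - 1. A wildcard mask (0.0.0.255) fails this.
    inverted = mask ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        return ["mask bits are not contiguous (wildcard mask or typo?)"]
    problems = []
    if mask == 0:
        problems.append("mask 0.0.0.0 matches every address, same scope as 'All'")
    if addr & inverted:
        network = ipaddress.IPv4Address(addr & mask)
        problems.append(f"host bits set; network address is {network}")
    return problems


if __name__ == "__main__":
    # Constructed sample entries; only the first is taken from the manual.
    samples = [
        "192.168.1.0/255.255.255.0",
        "192.168.1.0/24",
        "192.168.1.0/0.0.0.255",
        "192.168.1.77/255.255.255.0",
        "192.168.1.0 255.255.255.0",
    ]
    for sample in samples:
        result = check_address_mask(sample)
        print(f"{sample:30} {'OK' if not result else '; '.join(result)}")
```

An entry that returns problems is worth a second look before the rule is saved, since a mistyped mask can make a permit rule match far more addresses than intended.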