F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Command Reference-6PW100
3
For example, when you use a large ACL for a session-based service, such as NAT or ASPF, you can
enable ACL acceleration to avoid session timeouts caused by ACL processing delays.
Enable ACL acceleration in an ACL after editing the ACL rules. ACL acceleration always uses ACL criteria
that have been set before it is enabled for rule matching. It does not synchronize with any subsequent
match criterion changes.
ACL acceleration is not available for ACLs that contain a non-contiguous wildcard mask.
The following matrix shows the acl accelerate command and firewalls and UTM devices compatibility:
Hardware Command com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 Yes
Firewall module Yes
U200-A No
U200-S No
Examples
# Enable ACL acceleration for IPv4 advanced ACL 3000.
<Sysname> system-view
[Sysname] acl accelerate number 3000
Related commands
display acl accelerate
acl copy
Use acl copy to create an IPv4 basic, IPv4 advanced, or Ethernet frame header ACL by copying an ACL
that already exists. The new ACL has the same properties and content as the source ACL, but not the
same ACL number and name.
Syntax
acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }
Views
System view
Default command level
2: System level
Parameters
source-acl-number: Specifies an existing source ACL by its number:
• 2000 to 2999 for IPv4 basic ACLs
• 3000 to 3999 for IPv4 advanced ACLs
• 4000 to 4999 for Ethernet frame header ACLs
name source-acl-name: Specifies an existing source ACL by its name. The source-acl-name argument
takes a case-insensitive string of 1 to 63 characters.