F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
24
Ste
p
Command Remarks
5. Create or edit a
rule.
rule [ rule-id ] { deny |
permit } [ cos vlan-pri |
counting | dest-mac
dest-address dest-mask |
{ lsap lsap-type
lsap-type-mask | type
protocol-type
protocol-type-mask } |
source-mac source-address
source-mask | time-range
time-range-name ] *
By default
,
an Ethernet frame header ACL does not
contain any rule.
6. Add or edit a rule
comment.
rule rule-id comment text
Optional.
By default, no rule comments are configured.
7. Add or edit a rule
range remark.
rule [ rule-id ] remark text
Optional.
By default, no rule range remarks are configured.
122BCopying an ACL
You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure:
• The destination ACL number is from the same category as the source ACL number.
• The source ACL already exists, but the destination ACL does not.
269BCopying an IPv4 basic, IPv4 advanced, or Ethernet frame header ACL
Ste
p
Command
1. Enter system view.
system-view
2. Copy an existing IPv4 basic, IPv4 advanced,
or Ethernet frame header ACL to create a new
ACL.
acl copy { source-acl-number | name source-acl-name } to
{ dest-acl-number | name dest-acl-name }
270BCopying an IPv6 basic or IPv6 advanced ACL
Ste
p
Command
1. Enter system view.
system-view
2. Copy an existing IPv6 basic or IPv6
advanced ACL to create a new ACL.
acl ipv6 copy { source-acl6-number | name source-acl6-name } to
{ dest-acl6-number | name dest-acl6-name }
123BEnabling ACL acceleration for an IPv4 basic or IPv4 advanced
ACL
The following matrix shows the feature and hardware compatibility: