R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101
To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } [ cos vlan-pri | dest-mac dest-addr dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac sour-addr source-mask | time-range time-range-name ] *
Remarks: Required. By default, an Ethernet frame header ACL does not contain any rule.

To do: Add or edit a rule comment
Use the command: rule rule-id comment text
Remarks: Optional. By default, an Ethernet frame header ACL rule has no rule description.

Copying an ACL
You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure that:
• The destination ACL number is from the same category as the source ACL number.
• The source ACL already exists but the destination ACL does not.
Follow these steps to copy an IPv4 ACL:
To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Copy an existing IPv4 ACL to create a new IPv4 ACL
Use the command: acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }
Remarks: Required

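The two copy preconditions above can be checked before a change is pushed to the device. The following Python sketch is an added example, not part of the HP guide: the function names and the sample ACL inventory are hypothetical, and the number ranges (basic 2000-2999, advanced 3000-3999, Ethernet frame header 4000-4999) are assumed from the usual Comware IPv4 ACL numbering rather than stated in this section.

```python
import re

# Assumed Comware IPv4 ACL number ranges (not stated in this section).
CATEGORIES = {
    "basic": range(2000, 3000),
    "advanced": range(3000, 4000),
    "ethernet": range(4000, 5000),
}

# acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }
CMD = re.compile(r"^acl copy (?:(\d+)|name (\S+)) to (?:(\d+)|name (\S+))$")


def category(number):
    """Return the category name for an ACL number, or None if out of range."""
    for name, numbers in CATEGORIES.items():
        if number in numbers:
            return name
    return None


def check_acl_copy(command, existing):
    """Return the list of problems with an `acl copy` command (empty = OK).

    existing maps each configured ACL number to its name (None if unnamed).
    """
    m = CMD.match(" ".join(command.split()))
    if not m:
        return ["not an 'acl copy' command"]
    src_num, src_name, dst_num, dst_name = m.groups()
    by_name = {name: num for num, name in existing.items() if name}
    problems = []
    # Precondition: the source ACL already exists.
    src = int(src_num) if src_num else by_name.get(src_name)
    if src is None or src not in existing:
        problems.append("source ACL does not exist")
        src = None
    if dst_num:
        dst = int(dst_num)
        # Precondition: the destination ACL does not exist yet.
        if dst in existing:
            problems.append("destination ACL already exists")
        # Precondition: destination number is in the source's category.
        if src is not None and category(dst) != category(src):
            problems.append("destination number is in a different category")
    elif dst_name in by_name:
        problems.append("destination ACL already exists")
    return problems


# Constructed sample inventory: ACL number -> name.
SAMPLE_ACLS = {2001: None, 3000: "web-in", 4000: "l2-filter"}
```

An empty result means both preconditions hold for the inventory supplied; when the destination is given by name, only the name collision is checked.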
Enabling ACL acceleration for an IPv4 ACL
ACL acceleration speeds up ACL lookup. The acceleration effect increases with the number of ACL rules.
ACL acceleration uses memory, so HP recommends that you enable ACL acceleration carefully.
For example, when you use a large ACL for a session-based service, such as NAT or ASPF, you can
enable ACL acceleration to avoid session timeouts caused by ACL processing delays.
Enable ACL acceleration in an ACL after you have finished editing ACL rules. For rule matching, ACL
acceleration always uses the ACL criteria that were set before it was enabled. It does not synchronize with
any subsequent match criterion changes.
Follow these steps to enable ACL acceleration for an IPv4 ACL:
To do: Enter system view
Use the command: system-view
Remarks: ––