R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
64
To do… Use the command… Remarks
Add or edit a rule
comment
rule rule-id comment text
Optional
By default, an Ethernet frame header ACL
rule has no rule description.
Copying an IPv4 ACL
You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure that:
• The destination ACL number is from the same category as the source ACL number.
• The source ACL already exists but the destination ACL does not.
Follow these steps to copy an IPv4 ACL:
To do… Use the command…
Remarks
Enter system view system-view —
Copy an existing IPv4 ACL to
create a new IPv4 ACL
acl copy { source-acl-number | name source-acl-name } to
{ dest-acl-number | name dest-acl-name }
Required
Enabling ACL acceleration for an IPv4 ACL
Follow these steps to enable ACL acceleration for an IPv4 ACL:
To do… Use the command…
Remarks
Enter system view system-view —
Enable ACL acceleration
for an IPv4 ACL
acl accelerate number
acl-number
Required
Disabled by default.
The ACL must exist.
Only IPv4 basic ACLs and advanced ACLs support ACL
acceleration.
CAUTION:
• ACL acceleration is not available for ACLs that contain a non-contiguous wildcard mask.
• After you modify an IPv4 ACL with ACL acceleration enabled, disable and re-enable ACL acceleration
to ensure correct rule matching.
Displaying and maintaining ACLs
To do... Use the command…
Remarks
Display configuration and match
statistics for one or all IPv4 ACLs
display acl { acl-number | all | name
acl-name }
Available in any view
Display information about the IPv4
ACL acceleration feature
display acl accelerate { acl-number | all } Available in any view