4000 Router Series ACL and QoS Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

Ste

Command Remarks

4. Create or edit a rule.

rule [ rule-id ] { deny | permit }

[ { { ipv4 | ipv6 | l2 | l4 }

rule-string rule-mask

offset }&<1-8> ] [ counting |

time-range time-range-name ] *

By default, a user-defined ACL

does not contain any rule.

5. (Optional.) Add or edit a rule

comment.

rule rule-id comment text

By default, no rule comments are

configured.

Copying an ACL

You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the

same properties and content as the source ACL, but not the same ACL number and name.

To successfully copy an ACL, make sure:

• The destination ACL number is from the same category as the source ACL number.

• The source ACL already exists, but the destination ACL does not.

To copy an ACL:

Ste

Command

1. Enter system view.

system-view

2. Copy an existing ACL to create a new ACL.

acl [ ipv6 ] copy { source-acl-number | name

source-acl-name } to { dest-acl-number | name

dest-acl-name }

Configuring packet filtering with ACLs

This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6 packets

on the specified interface.

Applying an ACL to an interface for packet filtering

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

N/A

3. Apply an ACL to the interface

to filter packets.

packet-filter [ ipv6 ] { acl-number |

name acl-name } { inbound |

outbound }

By default, an interface does not

filter packets.

You can apply up to 32 ACLs to the

same direction of an interface.