H3C S7500E Series Ethernet Switches Operation Manual

Operation Manual – ACL
H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration
Caution:
- You can modify the match order of an ACL with the acl number acl-number [ name
  acl-name ] match-order { auto | config } command, but only when the ACL does not
  contain any rules.
- The rule specified in the rule comment command must already exist.
2.2.3 Configuration Examples
# Create IPv4 ACL 2000 to deny packets with source address 1.1.1.1.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 1.1.1.1 0
# Verify the configuration.
[Sysname-acl-basic-2000] display acl 2000
Basic ACL 2000, named -none-, 1 rule,
ACL's step is 5
rule 0 deny source 1.1.1.1 0
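The wildcard matching and rule ordering behind the display acl output above, as an added example that is not part of the H3C manual. It assumes match order config (rules checked in ascending rule ID) and the line layout shown above; rules 5 and 10 in the sample are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of the `display acl 2000` output above;
# rules 5 and 10 are added for illustration and are not from the manual.
SAMPLE = """\
Basic ACL 2000, named -none-, 3 rules,
ACL's step is 5
 rule 0 deny source 1.1.1.1 0
 rule 5 permit source 1.1.1.0 0.0.0.255
 rule 10 deny source any
"""

RULE_RE = re.compile(
    r"^\s*rule\s+(\d+)\s+(permit|deny)(?:\s+source\s+(any|\S+)(?:\s+(\S+))?)?\s*$")


def _to_int(text):
    """Dotted quad -> int; the shorthand wildcard '0' means 0.0.0.0."""
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))


def parse_rules(output):
    """Return [(rule_id, action, addr, wildcard)] sorted by rule ID."""
    rules = []
    for line in output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # header lines such as "ACL's step is 5"
        rule_id, action, addr, wildcard = m.groups()
        if addr in (None, "any"):  # no source clause is treated as "any"
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        rules.append((int(rule_id), action, _to_int(addr), _to_int(wildcard or "0")))
    return sorted(rules)


def evaluate(rules, src_ip):
    """First matching rule in ascending rule-ID order decides; None if no match."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for rule_id, action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "ignore this bit"
        if (ip & care) == (addr & care):
            return rule_id, action
    return None  # outcome then depends on where the ACL is applied
```

With only the manual's single rule, every source other than 1.1.1.1 returns None: the ACL itself makes no decision for that traffic.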
2.3 Configuring an Advanced IPv4 ACL
Advanced IPv4 ACLs filter packets based on source IP address, destination IP address,
protocol carried on IP, and other protocol header fields, such as the TCP/UDP source
port, TCP/UDP destination port, ICMP message type, and ICMP message code.
In addition, advanced IPv4 ACLs allow you to filter packets based on three priority
criteria: type of service (ToS), IP precedence, and differentiated services codepoint
(DSCP) priority.
Advanced IPv4 ACLs are numbered in the range 3000 to 3999. Compared with basic
IPv4 ACLs, they allow more flexible and accurate filtering.
2.3.1 Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command
first.
2.3.2 Configuration Procedure
Follow these steps to configure an advanced IPv4 ACL: