HP VPN Firewall Appliances Access Control Command Reference
Table Of Contents
- Title Page
- Contents
- ACL commands
- acl
- acl accelerate
- acl copy
- acl ipv6
- acl ipv6 copy
- acl ipv6 name
- acl name
- description
- display acl
- display acl accelerate
- display acl ipv6
- reset acl counter
- reset acl ipv6 counter
- rule (Ethernet frame header ACL view)
- rule (IPv4 advanced ACL view)
- rule (IPv4 basic ACL view)
- rule (IPv6 advanced ACL view)
- rule (IPv6 basic ACL view)
- rule comment
- rule remark
- step
- Security zone commands
- Address resource commands
- Service resource commands
- Time range resource commands
- Interzone policy commands
- Session management commands
- application aging-time
- display application aging-time
- display session aging-time
- display session relation-table
- display session statistics
- display session statistics history
- display session table
- reset session
- reset session statistics
- session aging-time
- session checksum
- session log bytes-active
- session log enable
- session log packets-active
- session log time-active
- session mode hybrid
- session persist acl
- session synchronization enable
- IP virtual fragment reassembly commands
- Connection limit commands
- Portal commands
- access-user detect
- display portal acl
- display portal connection statistics
- display portal free-rule
- display portal interface
- display portal local-server
- display portal server
- display portal server statistics
- display portal tcp-cheat statistics
- display portal user
- portal auth-network
- portal delete-user
- portal domain
- portal free-rule
- portal local-server
- portal max-user
- portal nas-id-profile
- portal nas-ip
- portal nas-port-id
- portal nas-port-type
- portal redirect-url
- portal server
- portal server banner
- portal server method
- portal server server-detect
- portal server user-sync
- reset portal connection statistics
- reset portal server statistics
- reset portal tcp-cheat statistics
- AAA commands
- General AAA commands
- aaa nas-id profile
- access-limit enable
- accounting command
- accounting default
- accounting dvpn
- accounting login
- accounting optional
- accounting portal
- accounting ppp
- accounting ssl-vpn
- authentication default
- authentication dvpn
- authentication login
- authentication portal
- authentication ppp
- authentication ssl-vpn
- authentication super
- authorization command
- authorization default
- authorization dvpn
- authorization login
- authorization portal
- authorization ppp
- authorization ssl-vpn
- cut connection
- display connection
- display domain
- domain
- domain default enable
- domain if-unknown
- idle-cut enable
- ip pool
- nas-id bind vlan
- self-service-url enable
- session-time include-idle-time
- state (ISP domain view)
- Local user commands
- RADIUS commands
- accounting-on enable
- attribute 25 car
- data-flow-format (RADIUS scheme view)
- display radius scheme
- display radius statistics
- display stop-accounting-buffer (for RADIUS)
- key (RADIUS scheme view)
- nas-ip (RADIUS scheme view)
- primary accounting (RADIUS scheme view)
- primary authentication (RADIUS scheme view)
- radius client
- radius nas-ip
- radius scheme
- radius trap
- reset radius statistics
- reset stop-accounting-buffer (for RADIUS)
- retry
- retry realtime-accounting
- retry stop-accounting (RADIUS scheme view)
- secondary accounting (RADIUS scheme view)
- secondary authentication (RADIUS scheme view)
- security-policy-server
- server-type (RADIUS scheme view)
- state primary
- state secondary
- stop-accounting-buffer enable (RADIUS scheme view)
- timer quiet (RADIUS scheme view)
- timer realtime-accounting (RADIUS scheme view)
- timer response-timeout (RADIUS scheme view)
- user-name-format (RADIUS scheme view)
- vpn-instance (RADIUS scheme view)
- HWTACACS commands
- data-flow-format (HWTACACS scheme view)
- display hwtacacs
- display stop-accounting-buffer (for HWTACACS)
- hwtacacs nas-ip
- hwtacacs scheme
- key (HWTACACS scheme view)
- nas-ip (HWTACACS scheme view)
- primary accounting (HWTACACS scheme view)
- primary authentication (HWTACACS scheme view)
- primary authorization
- reset hwtacacs statistics
- reset stop-accounting-buffer (for HWTACACS)
- retry stop-accounting (HWTACACS scheme view)
- secondary accounting (HWTACACS scheme view)
- secondary authentication (HWTACACS scheme view)
- secondary authorization
- stop-accounting-buffer enable (HWTACACS scheme view)
- timer quiet (HWTACACS scheme view)
- timer realtime-accounting (HWTACACS scheme view)
- timer response-timeout (HWTACACS scheme view)
- user-name-format (HWTACACS scheme view)
- vpn-instance (HWTACACS scheme view)
- General AAA commands
- Password control commands
- display password-control
- display password-control blacklist
- password
- password-control { aging | composition | history | length } enable
- password-control aging
- password-control alert-before-expire
- password-control authentication-timeout
- password-control complexity
- password-control composition
- password-control enable
- password-control expired-user-login
- password-control history
- password-control length
- password-control login idle-time
- password-control login-attempt
- password-control password update interval
- password-control super aging
- password-control super composition
- password-control super length
- reset password-control blacklist
- reset password-control history-record
- FIPS configuration commands
- Support and other resources
- Index
26
Related commands
• acl ipv6
• display ipv6 acl
• step
• time-range
rule comment
Use rule comment to add a comment about an existing ACL rule or edit its comment to make the rule easy
to understand.
Use undo rule comment to delete the ACL rule comment.
Syntax
rule rule-id comment text
undo rule rule-id comment
Default
An ACL rule has no rule comment.
Views
IPv4 basic/advanced ACL view, IPv6 basic/advanced ACL view, Ethernet frame header ACL view
Default command level
2: System level
Parameters
rule-id: Specifies an ACL rule ID, in the range of 0 to 65534. The ACL rule must already exist.
text: Specifies a comment about the ACL rule, a case-sensitive string of 1 to 127 characters.
Examples
# Create a rule in IPv4 basic ACL 2000 and add a comment about the rule.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule 0 deny source 1.1.1.1 0
[Sysname-acl-basic-2000] rule 0 comment This rule is used on GigabitEthernet 0/1.
# Create a rule in IPv6 basic ACL 2000 and add a comment about the rule.
<Sysname> system-view
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000] rule 0 permit source 1001::1 128
[Sysname-acl6-basic-2000] rule 0 comment This rule is used on GigabitEthernet 0/1.
Related commands
• display acl
• display acl ipv6
rule remark
Use rule remark to add a start or end remark for a range of rules that are created for the same purpose.