HP VPN Firewall Appliances Access Control Configuration Guide

Step 5. Create or edit a rule.
    Command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-prefix | dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] *
    Remarks: By default, an IPv6 advanced ACL does not contain any rule. The logging keyword takes effect only when the module (for example, a firewall) using the ACL supports logging.

Step 6. Add or edit a rule comment.
    Command: rule rule-id comment text
    Remarks: Optional. By default, no rule comments are configured.

Step 7. Add or edit a rule range remark.
    Command: rule [ rule-id ] remark text
    Remarks: Optional. By default, no rule range remarks are configured.
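
A constructed rule set that uses the rule, comment, and remark syntax from steps 5 to 7. It is an added illustration, not taken from the HP guide. It assumes the commands are entered in the view of an existing IPv6 advanced ACL and that a time range named workhours (hypothetical) is already defined; addresses use the documentation prefix 2001:db8::/32, and lines starting with # are annotations for the reader, not commands.

```text
# Constructed example: rules for an IPv6 advanced ACL (ACL view already entered).

# Return traffic of TCP connections that are already established.
rule 0 permit tcp established
rule 0 comment Return traffic of established TCP sessions

# HTTPS to a single published server, only inside the (hypothetical) time range.
rule 5 permit tcp source any destination 2001:db8:10::80/128 destination-port eq 443 time-range workhours
rule 5 comment HTTPS to published web server

# Neighbor discovery: ICMPv6 type 135 (solicitation) and 136 (advertisement), code 0.
rule 10 permit icmpv6 icmp6-type 135 0
rule 15 permit icmpv6 icmp6-type 136 0

# Range remark marking the start of the deny block.
rule 100 remark Explicit deny, counted and logged
# Everything else is dropped; counting keeps a match counter, and logging
# records matches only if the module using the ACL supports logging.
rule 100 deny ipv6 counting logging
```
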
Configuring an Ethernet frame header ACL
Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
To configure an Ethernet frame header ACL:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create an Ethernet frame header ACL and enter its view.
    Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
    Remarks: By default, no ACL exists. Ethernet frame header ACLs are numbered in the range of 4000 to 4999. You can use the acl name acl-name command to enter the view of a named Ethernet frame header ACL.

Step 3. Configure a description for the Ethernet frame header ACL.
    Command: description text
    Remarks: Optional. By default, an Ethernet frame header ACL has no ACL description.

Step 4. Set the rule numbering step.
    Command: step step-value
    Remarks: Optional. The default setting is 5.