HP VPN Firewall Appliances Access Control Configuration Guide

5. Create or edit a rule.
    Command: rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-address dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address source-mask | time-range time-range-name ] *
    Remarks: By default, an Ethernet frame header ACL does not contain any rule.
6. Add or edit a rule comment.
    Command: rule rule-id comment text
    Remarks: Optional. By default, no rule comments are configured.
7. Add or edit a rule range remark.
    Command: rule [ rule-id ] remark text
    Remarks: Optional. By default, no rule range remarks are configured.
Copying an ACL
You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure:
- The destination ACL number is from the same category as the source ACL number.
- The source ACL already exists, but the destination ACL does not.
Copying an IPv4 basic, IPv4 advanced, or Ethernet frame header ACL
1. Enter system view.
    Command: system-view
2. Copy an existing IPv4 basic, IPv4 advanced, or Ethernet frame header ACL to create a new ACL.
    Command: acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }
Copying an IPv6 basic or IPv6 advanced ACL
1. Enter system view.
    Command: system-view
2. Copy an existing IPv6 basic or IPv6 advanced ACL to create a new ACL.
    Command: acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name dest-acl6-name }
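A pre-flight check for the two copy procedures above, written as an added example (not HP's code): it tests an `acl copy` or `acl ipv6 copy` command against the two copy conditions before the command is pushed to a device. The number ranges per category, the separate IPv4 and IPv6 number spaces, the inventory layout and the function names are assumptions that are not stated on this page.

```python
import re

# Assumed ACL number ranges per category (not stated on this page).
CATEGORIES = {
    "ipv4": {"basic": range(2000, 3000), "advanced": range(3000, 4000),
             "ethernet": range(4000, 5000)},
    "ipv6": {"basic": range(2000, 3000), "advanced": range(3000, 4000)},
}
CMD = re.compile(r"^acl( ipv6)? copy (name \S+|\d+) to (name \S+|\d+)$")

# Constructed sample inventory: {family: {acl_number: acl_name or None}}.
SAMPLE_INVENTORY = {"ipv4": {2000: None, 4000: "mac-filter"},
                    "ipv6": {3000: None}}

def category(family, number):
    """Return the category name that owns this ACL number, or None."""
    for cat, numbers in CATEGORIES[family].items():
        if number in numbers:
            return cat
    return None

def resolve(inventory, family, token):
    """Map a '<number>' or 'name <name>' token to (number or None, exists)."""
    acls = inventory.get(family, {})
    if token.startswith("name "):
        for number, name in acls.items():
            if name == token[5:]:
                return number, True
        return None, False          # unknown name: no number to compare
    return int(token), int(token) in acls

def check_copy(command, inventory):
    """Return the list of violated copy conditions (empty list = OK)."""
    m = CMD.match(" ".join(command.split()))
    if not m:
        return ["not an acl copy command"]
    family = "ipv6" if m.group(1) else "ipv4"
    src, src_exists = resolve(inventory, family, m.group(2))
    dst, dst_exists = resolve(inventory, family, m.group(3))
    problems = []
    if not src_exists:
        problems.append("source ACL does not exist")
    if dst_exists:
        problems.append("destination ACL already exists")
    if src is not None and dst is not None:
        src_cat, dst_cat = category(family, src), category(family, dst)
        if src_cat is None or src_cat != dst_cat:
            problems.append("destination number is not in the source ACL's category")
    return problems
```

When the destination is given by name and does not exist yet, the check has no destination number to compare, so only the existence conditions are evaluated.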