Operation Manual – ACL
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1
ACL Configuration
1-5
A basic ACL can be numbered from 2000 to 2999.
1.3.1 Configuration Preparation
To configure a time range-based basic ACL rule, you need to create the corresponding
time range first. For information about time range configuration, refer to section 1.2
“Time Range Configuration”.
Also determine the source IP addresses based on which the ACL filters packets.
1.3.2 Configuration Procedure
Table 1-2 Define a basic ACL rule

Operation                     Command                               Description
----------------------------  ------------------------------------  ------------------------
Enter system view             system-view                           —
Create an ACL or enter        acl number acl-number                 By default, the matching
basic ACL view                [ match-order { config | auto } ]     order is config.
Define an ACL rule            rule [ rule-id ] { permit | deny }    Required
                              [ fragment | source { sour-addr
                              sour-wildcard | any } | time-range
                              time-name ]*
Assign a description string   description text                      Optional
to the ACL

When you define an ACL rule using the rule command with the rule-id argument
provided:
- If the ACL is created with the config keyword specified and the rule identified by
  the rule-id argument exists, the settings specified in the rule command overwrite
  the counterparts of the existing rule (other settings of the rule remain unchanged).
  If the ACL is created with the auto keyword specified, the rules of the ACL cannot
  be edited. In this case, the system prompts an error when you execute the rule
  command.
- If the ACL rule identified by the rule-id argument does not exist, a new rule is
  created.
- The content of a modified or created rule cannot be identical to the content of
  any existing rule; otherwise the rule modification or creation fails, and the
  system prompts that the rule already exists.
If you do not specify the rule-id argument when creating an ACL rule, the rule will be
numbered automatically.
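
The procedure in Table 1-2 and the rule-id editing behaviour described above, as an added example session that is not part of the original manual. Assumptions: the default H3C prompt, ACL number 2000, the constructed sample subnet 192.0.2.0/24, a time range named workhours already created as described in section 1.2, and the display acl command, which is a standard command on these switches but is not shown on this page.

```text
# Lines starting with "#" are annotations; they are not typed at the CLI.
<H3C> system-view
# Create basic ACL 2000 (valid range 2000 to 2999), stating the default
# config match order explicitly so that rules stay editable.
[H3C] acl number 2000 match-order config
[H3C-acl-basic-2000] description Deny-sample-subnet
# Rule 0: deny the sample subnet 192.0.2.0 with wildcard 0.0.0.255.
[H3C-acl-basic-2000] rule 0 deny source 192.0.2.0 0.0.0.255
# Rule 0 already exists in a config-order ACL, so this command changes only
# the setting it names: the time range is added, the source match is kept.
[H3C-acl-basic-2000] rule 0 deny time-range workhours
# No rule-id given: the switch numbers this rule automatically.
[H3C-acl-basic-2000] rule permit source any
# Check what the rules actually contain after editing.
[H3C-acl-basic-2000] display acl 2000
```

Because an edit by rule-id merges into the existing rule instead of replacing it, an old source or time-range setting can remain in force after a change, so review the displayed rule after each edit.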