EasyManuals Logo

H3C S5120-EI Series User Manual

H3C S5120-EI Series
1166 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #814 background imageLoading...
Page #814 background image
2-3
Configuration Procedure
Follow these steps to configure a basic IPv4 ACL:
To do… Use the command… Remarks
Enter system view
system-view
––
Create a basic IPv4 ACL
and enter its view
acl number acl-number
[ name acl-name ]
[ match-order { auto |
config } ]
Required
The default match order is config.
If you specify a name for an IPv4 ACL
when creating the ACL, you can use
the acl name acl-name command to
enter the view of the ACL later.
Create or modify a rule
rule [ rule-id ] { deny |
permit } [ fragment | logging
| source { sour-addr
sour-wildcard | any } |
time-range time-range-name
| vpn-instance
vpn-instance-name ] *
Required
To create or modify multiple rules,
repeat this step.
Note that the logging keyword is not
supported if the ACL is to be
referenced by a QoS policy for traffic
classification.
Set the rule numbering
step
step step-value
Optional
5 by default
Configure a description for
the basic IPv4 ACL
description text
Optional
By default, a basic IPv4 ACL has no
ACL description.
Configure a rule
description
rule rule-id comment text
Optional
By default, an IPv4 ACL rule has no
rule description.
Note that:
z You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
z You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
z When the ACL match order is auto, a newly created rule will be inserted among the existing rules in
the depth-first match order. Note that the IDs of the rules still remain the same.
z You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]
match-order { auto | config } command, but only when the ACL does not contain any rules.
z The rule specified in the rule comment command must already exist.
Configuration Example
# Configure IPv4 ACL 2000 to deny packets with source address 1.1.1.1.

Table of Contents

Other manuals for H3C S5120-EI Series

Preview: Installation Manual
Installation Manual96 pages
Preview: Command Reference
Command Reference242 pages
Preview: Installation Guide
Installation Guide63 pages
Preview: Configuration Guide
Configuration Guide144 pages
Preview: Configuration Commands
Configuration Commands29 pages
Preview: Irf Command Reference
Irf Command Reference32 pages
Preview: Installation, Quick Start
Installation, Quick Start31 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the H3C S5120-EI Series and is the answer not in the manual?

H3C S5120-EI Series Specifications

General IconGeneral
BrandH3C
ModelS5120-EI Series
CategorySwitch
LanguageEnglish

Related product manuals