5
(Optional.) Configuring packet filtering with ACLs
Configuring a basic ACL
This section describes procedures for configuring IPv4 and IPv6 basic ACLs.
Configuring an IPv4 basic ACL
IPv4 basic ACLs match packets based only on source IP addresses.
To configure an IPv4 basic ACL:
1. Enter system view.
system-view
N/A
2. Create an IPv4 basic ACL
and enter its view.
acl basic
{ acl-number |
name
acl-name } [
match-order
{
auto
|
config
} ]
By default, no ACL exists.
The value range for a numbered
IPv4 basic ACL is 2000 to 2999.
Use the
acl basic
acl-number
command to enter the view of a
numbered IPv4 basic ACL.
Use the
acl basic
name
acl-name command to enter the
view of a named IPv4 basic ACL.
3. (Optional.) Configure a
description for the IPv4 basic
ACL.
description
text
By default, an IPv4 basic ACL
does not have a description.
4. (Optional.) Set the rule
numbering step.
step
step-value
By default, the rule numbering
step is 5 and the start rule ID is 0.
5. Create or edit a rule.
rule
[ rule-id ] {
deny
|
permit
}
[
fragment
|
source
{ source-address source-wildcard
|
any
} |
time-range
time-range-name ] *
By default, an IPv4 basic ACL
does not contain any rules.
6. (Optional.) Add or edit a rule
comment.
rule
rule-id
comment
text
By default, no rule comment is
configured.
Configuring an IPv6 basic ACL
IPv6 basic ACLs match packets based only on source IP addresses.
To configure an IPv6 basic ACL:
1. Enter system view.
system-view
N/A
To Next Page
Loading...
