7
2. Create an IPv4 advanced
ACL and enter its view.
acl advanced
{ acl-number |
name
acl-name } [
match-order
{
auto
|
config
} ]
By default, no ACL exists.
The value range for a numbered
IPv4 advanced ACL is 3000 to
3999.
Use the
acl advanced
acl-number command to enter the
view of a numbered IPv4
advanced ACL.
Use the
acl advanced name
acl-name command to enter the
view of a named IPv4 advanced
ACL.
3. (Optional.) Configure a
description for the IPv4
advanced ACL.
description
text
By default, an IPv4 advanced
ACL does not have a description.
4. (Optional.) Set the rule
numbering step.
step
step-value
By default, the rule numbering
step is 5 and the start rule ID is 0.
5. Create or edit a rule.
rule
[ rule-id ] {
deny
|
permit
}
protocol [ { {
ack
ack-value |
fin
fin-value |
psh
psh-value |
rst
rst-value |
syn
syn-value |
urg
urg-value } * |
established
} |
destination
{ dest-address
dest-wildcard |
any
} |
destination-port
operator port1
[ port2 ] | {
dscp
dscp |
{
precedence
precedence |
tos
tos } * } |
fragment
|
icmp-type
{ icmp-type [ icmp-code ] |
icmp-message } |
source
{ source-address source-wildcard
|
any
} |
source-port
operator
port1 [ port2 ] |
time-range
time-range-name ] *
By default, an IPv4 advanced
ACL does not contain any rules.
6. (Optional.) Add or edit a rule
comment.
rule
rule-id
comment
text
By default, no rule comment is
configured.
Configuring an IPv6 advanced ACL
IPv6 advanced ACLs match packets based on the following criteria:
• Source IPv6 addresses.
• Destination IPv6 addresses.
• Packet priorities.
• Protocol numbers.
• Other protocol header fields such as the TCP/UDP source port number, TCP/UDP destination
port number, ICMPv6 message type, and ICMPv6 message code.
Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv6 advanced ACL:
1. Enter system view.
system-view
N/A
To Next Page
Loading...
