Configuring An Advanced Acl - HP A5120 EI Series Configuration Manual

To do...
Configure a description for the
IPv6 basic ACL
Set the rule numbering step
Create or edit a rule
Configure or edit a rule
description
Enable counting ACL rule matches
performed in hardware

Configuring an advanced ACL

Configuring an IPv4 advanced ACL
IPv4 advanced ACLs match packets based on source and destination IP addresses, protocols over IP, and
other protocol header information, such as TCP/UDP source and destination port numbers, TCP flags,
ICMP message types, and ICMP message codes.
IPv4 advanced ACLs also allow you to filter packets based on the following priority criteria: type of
service (ToS), IP precedence, and differentiated services codepoint (DSCP) priority.
Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.
Follow these steps to configure an IPv4 advanced ACL:
To do...
Enter system view
Use the command...
description text
step step-value
rule [ rule-id ] { deny | permit } [
counting | fragment | logging |
source { ipv6-address prefix-length
| ipv6-address/prefix-length |
any } | time-range time-range-
name ] *
rule rule-id comment text
hardware-count enable
Use the command...
system-view
6
Remarks
Optional
By default, an IPv6 basic ACL has
no ACL description.
Optional
5 by default
Required
By default, an IPv6 basic ACL
does not contain any rule.
To create or edit multiple rules,
repeat this step.
If the ACL is for QoS traffic
classification, do not specify the
fragment keyword. This keyword
can cause ACL application
failure.
The logging and counting
keywords (even if specified) do
not take effect for QoS policies.
Optional
By default, an IPv6 basic ACL rule
has no rule description.
Optional
Disabled by default.
When the ACL is referenced by a
QoS policy, this command does
not take effect.
Remarks
––