Configuration Example - H3C S5500-SI Series Operation Manual

| To do... | Use the command... | Remarks |
|---|---|---|
| Set the rule numbering step | step step-value | Optional. 5 by default |
| Configure a description for the advanced IPv4 ACL | description text | Optional. By default, an advanced IPv4 ACL has no ACL description. |
| Configure a rule description | rule rule-id comment text | Optional. By default, an IPv4 ACL rule has no rule description. |

Note that:
- You can only modify the existing rules of an ACL that uses the match order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.
- You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.
- When the ACL match order is auto, a newly created rule will be inserted among the existing rules in the depth-first match order. Note that the IDs of the rules still remain the same.
- You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command, but only when the ACL does not contain any rules.
- The rule specified in the rule comment command must already exist.

Configuration Example

# Configure IPv4 ACL 3000 to permit TCP packets with the destination port number of 80 from 129.9.0.0 to 202.38.160.0.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
# Verify the configuration.
[Sysname-acl-adv-3000] display acl 3000
Advanced ACL  3000, named -none-, 1 rule,
ACL's step is 5
 rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www (5 times matched)
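
The following Python code is an added example, not part of the H3C manual: it parses the rule from the configuration example and evaluates constructed packets against it, so the coverage of the wildcard masks can be checked offline before the ACL is applied. It assumes wildcard-mask semantics (0 bits must match, 1 bits are ignored); the function names and sample packets are illustrative.

```python
import ipaddress
import re

# Port keyword seen in the page's display output; other keywords are not covered here.
PORT_NAMES = {"www": 80}

# Matches only the rule shape used on this page (tcp/udp style with destination-port eq).
RULE_RE = re.compile(
    r"rule(?:\s+(?P<id>\d+))?\s+(?P<action>permit|deny)\s+(?P<proto>\S+)"
    r"\s+source\s+(?P<src>\S+)\s+(?P<src_wc>\S+)"
    r"\s+destination\s+(?P<dst>\S+)\s+(?P<dst_wc>\S+)"
    r"\s+destination-port\s+eq\s+(?P<port>\S+)"
)

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse one advanced-ACL rule of the form shown on this page into a dict."""
    m = RULE_RE.search(line)
    if m is None:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    port = m["port"]
    return {
        "action": m["action"],
        "proto": m["proto"],
        "src": (_ip(m["src"]), _ip(m["src_wc"])),
        "dst": (_ip(m["dst"]), _ip(m["dst_wc"])),
        "dport": PORT_NAMES[port] if port in PORT_NAMES else int(port),
    }

def _wildcard_match(addr, base, wildcard):
    # Assumed semantics: wildcard 0 bits must equal the base, 1 bits are ignored.
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def evaluate(rule, proto, src, dst, dport):
    """Return the rule's action if the packet matches, otherwise None."""
    if (proto == rule["proto"] and dport == rule["dport"]
            and _wildcard_match(src, *rule["src"])
            and _wildcard_match(dst, *rule["dst"])):
        return rule["action"]
    return None

# Rule text copied from the page; packets passed to evaluate() are constructed inputs.
RULE = parse_rule("rule permit tcp source 129.9.0.0 0.0.255.255 "
                  "destination 202.38.160.0 0.0.0.255 destination-port eq 80")
```

A return value of None means the rule did not match; what then happens to the packet depends on later rules and on how the ACL is applied, which this example does not model.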
