H3C S3610-28P Operation Manual page 1040

Operation Manual – ACL
H3C S3610&S5510 Series Ethernet Switches
In addition, advanced IPv4 ACLs allow you to filter packets based on three priority
criteria: type of service (ToS), IP precedence, and differentiated services codepoint
(DSCP) priority.
Advanced IPv4 ACLs are numbered in the range 3000 to 3999. Compared with basic
IPv4 ACLs, they allow more flexible and accurate filtering.
2.3.1 Configuration Prerequisites
If you want a rule to reference a time range, define the time range with the
time-range command first.
2.3.2 Configuration Procedure
Follow these steps to configure an advanced IPv4 ACL:
To do...: Enter system view
Use the command...: system-view
Remarks: ––

To do...: Create and enter advanced IPv4 ACL view
Use the command...: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. The default match order is config. If you specify a name for an IPv4 ACL when creating the ACL, you can use the acl name acl-name command to enter the view of the ACL later.

To do...: Create or modify a rule
Use the command...: rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | established | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-name | tos tos ] *
Remarks: Required. To create multiple rules, repeat this step.

To do...: Set a rule numbering step
Use the command...: step step-value
Remarks: Optional. The default step is 5.

Chapter 2 IPv4 ACL Configuration (page 2-5)
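The procedure above, carried through as a worked session that limits SSH access to one management host to an admin subnet during working hours. This is an added example, not part of the original manual: the ACL number 3000, the time-range name workhours, the addresses and the Sysname prompt are assumptions, and lines starting with # are annotations rather than commands.

```text
# Constructed example: ACL number, time-range name and addresses are assumptions.
# Prerequisite (2.3.1): define the time range before any rule references it.
<Sysname> system-view
[Sysname] time-range workhours 08:00 to 18:00 working-day

# Create advanced IPv4 ACL 3000 (range 3000 to 3999) and enter its view.
# match-order config is the default; it is written out here for clarity.
[Sysname] acl number 3000 match-order config

# Rule IDs are spaced by the default step of 5, leaving room to insert rules later.
# Rule 0: permit SSH (TCP 22) from the admin subnet to the management host,
#         only while the workhours time range is active.
[Sysname-acl-adv-3000] rule 0 permit tcp source 192.0.2.0 0.0.0.255 destination 198.51.100.10 0 destination-port eq 22 time-range workhours

# Rule 5: deny and log every other attempt to reach TCP 22 on that host.
[Sysname-acl-adv-3000] rule 5 deny tcp source any destination 198.51.100.10 0 destination-port eq 22 logging

# Check: review the rules and their order before referencing the ACL elsewhere.
[Sysname-acl-adv-3000] quit
[Sysname] display acl 3000
```

With the config match order, rule 0 is compared before rule 5, so the narrow permit has to carry the lower rule ID; outside the time range rule 0 is inactive and the deny rule catches the same traffic.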
