H3C S3610-28P Operation Manual page 1041


Operation Manual – ACL
H3C S3610&S5510 Series Ethernet Switches
Chapter 2 IPv4 ACL Configuration

To do... | Use the command... | Remarks
Create an IPv4 ACL description | description text | Optional. By default, no IPv4 ACL description is present.
Create a rule description | rule rule-id comment text | Optional. By default, no rule description is present.

Note that:

You will fail to create or modify a rule if its permit/deny statement is exactly the
same as that of another rule. In addition, if the ACL match order is set to auto rather
than config, you cannot modify ACL rules.

When defining ACL rules, you need not always assign them IDs. The system can
automatically assign rule IDs, starting with 0 and increasing by the rule
numbering step. A rule ID thus assigned is greater than the current highest rule
ID. For example, if the rule numbering step is 5 and the current highest rule ID is
28, the next rule will be numbered 30. For detailed information about step, refer to
the step command.

You may use the display acl command to verify rules configured in an ACL. If the
match order for this ACL is auto, rules are displayed in the depth-first match order
rather than by rule number.

Caution:

You can modify the match order of an IPv4 ACL with the acl number acl-number
[ name acl-name ] match-order { auto | config } command, but only when the ACL does
not contain any rules.

The rule specified in the rule comment command must already exist.

2.3.3 Configuration Examples

# Create IPv4 ACL 3000, permitting TCP packets with port number 80 sent from
129.9.0.0 to 202.38.160.0 to pass.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
# Verify the configuration.
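
The following Python code is an added example, not part of the H3C manual: it parses the rule from the configuration example above, checks constructed packets against it using wildcard-mask semantics (a 1 bit in the wildcard means the address bit is ignored), and reproduces the automatic rule ID assignment described in the notes. The function names and the sample packets are assumptions made for illustration, and only TCP rules of the form shown on this page are handled.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard mask leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
    return (a & care) == (b & care)

def parse_rule(line):
    """Parse 'rule [id] permit|deny tcp [source A W] [destination A W] [destination-port eq N]'."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "rule":
        raise ValueError("not a rule line")
    rule_id = int(tok.pop(1)) if tok[1].isdigit() else None  # explicit rule ID is optional
    if len(tok) < 3 or tok[1] not in ("permit", "deny") or tok[2] != "tcp":
        raise ValueError("only permit/deny tcp rules are handled in this example")
    rule = {"id": rule_id, "action": tok[1]}
    it = iter(tok[3:])
    for key in it:
        if key in ("source", "destination"):
            rule[key] = (next(it), next(it))  # (address, wildcard)
        elif key == "destination-port" and next(it) == "eq":
            rule["dport"] = int(next(it))
        else:
            raise ValueError("unsupported keyword: " + key)
    return rule

def rule_matches(rule, src, dst, dport):
    """Check one TCP packet against a parsed rule; fields absent from the rule match anything."""
    return (all(wildcard_match(ip, *rule[k]) for k, ip in
                (("source", src), ("destination", dst)) if k in rule)
            and rule.get("dport") in (None, dport))

def next_rule_id(existing_ids, step=5):
    """Next auto-assigned ID: 0 for an empty ACL, else the next multiple of step (28 -> 30)."""
    return 0 if not existing_ids else (max(existing_ids) // step + 1) * step

# The rule from the configuration example on this page.
RULE = parse_rule("rule permit tcp source 129.9.0.0 0.0.255.255 "
                  "destination 202.38.160.0 0.0.0.255 destination-port eq 80")

if __name__ == "__main__":
    # Constructed sample packets: (source, destination, destination port)
    for pkt in [("129.9.4.7", "202.38.160.20", 80), ("129.10.4.7", "202.38.160.20", 80),
                ("129.9.4.7", "202.38.161.20", 80), ("129.9.4.7", "202.38.160.20", 443)]:
        print(pkt, "match" if rule_matches(RULE, *pkt) else "no match")
    print("next auto rule ID:", next_rule_id([0, 5, 28]))
```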
