H3C S3610-28P Operation Manual page 1044

S3610 & s5510 series

Operation Manual – ACL
H3C S3610&S5510 Series Ethernet Switches
2.5 Configuring a User-Defined ACL
User-defined ACLs allow you to customize rules based on information in protocol
headers such as IP. When defining a user-defined ACL rule, you specify an offset in
bytes, counted from the beginning of a packet header, at which the match operation
starts, and in addition a mask. When comparing a packet against the rule, the
system ANDs the mask with the corresponding bytes in the packet and compares the
result with the rule.
User-defined ACLs are numbered in the range 5000 to 5999.
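The mask-and-compare step described above, modelled in Python as an added example (not H3C code and not switch output). It assumes untagged Ethernet II/IPv4 frames, that `start` and `l2` anchor at the first byte of the frame, `ipv4` at the IP header and `l4` at the transport header, and that every field of a rule must match; the page does not define these, and `ipv6` is not modelled.

```python
import struct

# Constructed sample: Ethernet II + IPv4 + TCP SYN, 192.0.2.10 -> 198.51.100.7:23
SAMPLE = (
    bytes.fromhex("00112233445566778899aabb0800")
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                  bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    + struct.pack("!HHIIBBHHH", 49152, 23, 0, 0, 0x50, 0x02, 1024, 0, 0)
)

def header_starts(frame):
    """Byte position of each anchor keyword (assumed semantics, see lead-in)."""
    starts = {"start": 0, "l2": 0}
    if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
        starts["ipv4"] = 14
        starts["l4"] = 14 + (frame[14] & 0x0F) * 4  # IHL is in 32-bit words
    return starts

def field_matches(frame, anchor, rule_string, rule_mask, offset):
    """True if (packet bytes AND rule-mask) == rule-string at anchor + offset."""
    if len(rule_string) != len(rule_mask):
        raise ValueError("rule-string and rule-mask must have the same length")
    base = header_starts(frame).get(anchor)
    if base is None:
        return False  # that header is not present in this frame
    window = frame[base + offset : base + offset + len(rule_mask)]
    if len(window) < len(rule_mask):
        return False  # the field would run past the end of the packet
    return bytes(p & m for p, m in zip(window, rule_mask)) == rule_string

def rule_matches(frame, fields):
    """fields: 1 to 8 (anchor, rule_string, rule_mask, offset) tuples; all must match (assumed)."""
    if not 1 <= len(fields) <= 8:
        raise ValueError("a rule takes 1 to 8 match fields")
    return all(field_matches(frame, *f) for f in fields)

def unmatched_bits(rule_string, rule_mask):
    """Bits set in rule-string but cleared in rule-mask. If any are set, the
    masked packet bytes can never equal rule-string, so the rule never matches."""
    return bytes(r & ~m & 0xFF for r, m in zip(rule_string, rule_mask))

if __name__ == "__main__":
    net, host, mask = bytes([192, 0, 2, 0]), bytes([192, 0, 2, 10]), bytes([255, 255, 255, 0])
    telnet_from_net = [("ipv4", net, mask, 12), ("l4", b"\x00\x17", b"\xff\xff", 2)]
    print(rule_matches(SAMPLE, telnet_from_net))          # source /24 and TCP port 23
    print(field_matches(SAMPLE, "ipv4", host, mask, 12))  # host bits outside the mask
    print(unmatched_bits(host, mask).hex())
```

Under the literal AND-then-compare reading, a rule string with bits set outside its mask never matches, so a deny rule written that way silently filters nothing; checking `unmatched_bits` before entering a rule catches this.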
2.5.1 Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command
first.
2.5.2 Configuration Procedure
Follow these steps to configure a user-defined ACL:
1. To do: Enter system view
   Use the command: system-view
   Remarks: ––

2. To do: Create and enter user-defined ACL view
   Use the command: acl number acl-number [ name acl-name ]
   Remarks: Required. If you specify a name for an ACL when creating the ACL, you can use the acl name acl-name command to enter the view of the ACL later.

3. To do: Create or modify a rule
   Use the command: rule [ rule-id ] { deny | permit } [ { { ipv4 | ipv6 | l2 | l4 | start } rule-string rule-mask offset }&<1-8> ] [ time-range time-name ]
   Remarks: Required. To create multiple rules, repeat this step.

4. To do: Create an ACL description
   Use the command: description text
   Remarks: Optional. By default, no IPv4 ACL description is present.

5. To do: Create a rule description
   Use the command: rule rule-id comment text
   Remarks: Optional. By default, no rule description is present.

Chapter 2 IPv4 ACL Configuration
