Copying an ACL; Configuring packet filtering with ACLs - HP FlexFabric 5700 series Configuration Manual


Step 4. Create or edit a rule.
Command: rule [ rule-id ] { deny | permit } [ { l2 rule-string rule-mask offset }&<1-8> ] [ counting | time-range time-range-name ] *
Remarks: By default, a user-defined ACL does not contain any rule. A user-defined ACL cannot be used for outbound QoS traffic classification or outbound packet filtering.

Step 5. (Optional.) Add or edit a rule comment.
Command: rule rule-id comment text
Remarks: By default, no rule comments are configured.

NOTE:
If a user-defined ACL is to match packets with VLAN tags, the offset must include the length of the VLAN tags. Each VLAN tag is 4 bytes long.

Copying an ACL

You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure:
- The destination ACL number is from the same category as the source ACL number.
- The source ACL already exists, but the destination ACL does not.
To copy an ACL:

Step 1. Enter system view.
Command: system-view

Step 2. Copy an existing ACL to create a new ACL.
Command: acl [ ipv6 ] copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }

Configuring packet filtering with ACLs

This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6 packets on the specified interface.
NOTE:
The ACL-based packet filter function is available on Ethernet interfaces, VLAN interfaces, S-channel interfaces, S-channel aggregate interfaces, VSI interfaces, and VSI aggregate interfaces. For more information about S-channel interfaces, S-channel aggregate interfaces, VSI interfaces, and VSI aggregate interfaces, see EVB Configuration Guide.
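The offset NOTE for user-defined ACLs above, worked through as an added example (not code from the HP manual): a Python model of one `l2 rule-string rule-mask offset` term, showing that a rule written for untagged frames stops matching the same field once VLAN tags are present. It assumes the offset is counted from the start of the Layer 2 header and that the mask is ANDed with the frame bytes; the function names and sample frames are constructed for illustration.

```python
import struct

VLAN_TAG_LEN = 4    # from the NOTE: each VLAN tag is 4 bytes long
TAG_POSITION = 12   # 802.1Q tags sit after the two 6-byte MAC addresses

def build_frame(ethertype, payload, vlan_ids=()):
    """Constructed Ethernet frame carrying zero or more 802.1Q tags."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for vid in vlan_ids:
        frame += struct.pack("!HH", 0x8100, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload

def tagged_offset(untagged_offset, vlan_tags):
    """Shift an offset by the tag length; the MAC fields before the tags do not move."""
    if untagged_offset < TAG_POSITION:
        return untagged_offset
    return untagged_offset + VLAN_TAG_LEN * vlan_tags

def term_matches(frame, rule_string, rule_mask, offset):
    """Assumed semantics of one l2 term: masked compare at offset from frame start."""
    if len(rule_string) != len(rule_mask):
        raise ValueError("rule-string and rule-mask must have the same length")
    window = frame[offset:offset + len(rule_string)]
    if len(window) < len(rule_string):
        return False  # frame too short to contain the field
    return all((w & m) == (r & m) for w, r, m in zip(window, rule_string, rule_mask))

def rule_term(rule_string, rule_mask, offset):
    """Render the term in the page's 'l2 rule-string rule-mask offset' order."""
    return f"l2 {rule_string.hex()} {rule_mask.hex()} {offset}"

def compare_offsets(rule_string, rule_mask, untagged_offset, frames):
    """For each frame: (tag count, match at naive offset, match at adjusted offset)."""
    rows = []
    for tags, frame in frames:
        adjusted = tagged_offset(untagged_offset, tags)
        rows.append((tags,
                     term_matches(frame, rule_string, rule_mask, untagged_offset),
                     term_matches(frame, rule_string, rule_mask, adjusted)))
    return rows

# Constructed sample: ARP EtherType (0x0806) in frames with 0, 1 and 2 tags.
ARP, MASK = bytes.fromhex("0806"), bytes.fromhex("ffff")
FRAMES = [(n, build_frame(0x0806, b"\x00" * 28, vlan_ids=range(100, 100 + n)))
          for n in range(3)]

if __name__ == "__main__":
    for tags, naive, adjusted in compare_offsets(ARP, MASK, 12, FRAMES):
        print(tags, naive, adjusted, rule_term(ARP, MASK, tagged_offset(12, tags)))
```

At the naive offset 12 the tagged frames present the tag's 0x8100 TPID instead of the EtherType, so a permit or deny rule built on that term would not apply to tagged traffic.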
