Setting The Packet Filtering Default Action; Enabling Hardware-Count For The Packet Filtering Default Action; Enabling Acl Acceleration - HP FlexNetwork MSR Series Configuration Manuals

Comware 7 acl and qos

Hide thumbs Also See for FlexNetwork MSR Series:

Configuration manual (392 pages)

Command reference manual (1005 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

page of 159

/ 159
Contents
Table of Contents
Bookmarks

Table of Contents

Step

Set the interval for outputting

packet

notifications.

Setting the packet filtering default action

Step

Enter system view.

Set

the

default action to deny.

NOTE:

The packet filtering default action does not take effect on zone pair packet filtering. The default

action for zone pair packet filtering is deny.

Enabling hardware-count for the packet filtering default

action

When you enable hardware-count for the packet filtering default action on an interface, the interface

counts how many times the packet filtering default action is performed.

To enable the hardware-count feature for the packet filtering default action on an interface, make

sure you have applied ACLs to the interface for packet filtering.

To enable hardware-count for the packet filtering default action:

Step

Enter system view.

Enter interface view.

Enable hardware-count for

the packet filtering default

action on the interface.

Enabling ACL acceleration

ACL acceleration speeds up ACL rule lookup. The acceleration effect increases with the number of

ACL rules. For example, when a large ACL is used for a session-based service, such as NAT or

ASPF, ACL acceleration can avoid session timeouts caused by ACL processing delays.

To enable ACL acceleration:

Step

Enter system view.

Command

acl { logging | trap } interval

filtering

logs

interval

Command

system-view

packet

filtering

packet-filter default deny

Command

system-view

interface

interface-number

packet-filter default { inbound |

outbound } hardware-count

Command

system-view

interface-type

Remarks

The default setting is 0 minutes.

By default, the device does not

generate log entries or SNMP

notifications for packet filtering.

Remarks

N/A

default,

the

packet

permits packets that do not match

any ACL rule to pass.

Remarks

N/A

By default, hardware-count is

disabled for the packet filtering

default action.

Remarks

N/A

filter

Table of Contents

Setting The Packet Filtering Default Action; Enabling Hardware-Count For The Packet Filtering Default Action; Enabling Acl Acceleration - HP FlexNetwork MSR Series Configuration Manuals

Setting the packet filtering default action

Enabling ACL acceleration

Related Manuals for HP FlexNetwork MSR Series

Related Content for HP FlexNetwork MSR Series

Table of Contents