Defining Acl - H3C S9500 Series Operation Manual

Operation Manual – QoS/ACL
H3C S9500 Series Routing Switches
Note:
The numbers listed in the table are not the actual length of these elements in IP
packets, but their length in flow template. DSCP field is one byte in flow template,
but six bits in IP packets. You can determine whether the total length of template
elements exceeds 16 bytes using these numbers.
The dscp, exp, ip-precedence and tos fields jointly occupy one byte. One byte is
occupied no matter you define one, two or three of these fields.
The cos and s-tag-vlan fields jointly occupy two bytes. Two bytes are occupied no
matter you define one or two of them. The c-tag-cos and c-tag-vlanid fields jointly
occupy two bytes. Two bytes are occupied no matter you define one or two of them.
The fragment-flags field is 0 in length in flow template, so it can be ignored when you
determine whether the total length of template elements exceeds 16 bytes.
You can either use the default template or define a flow template based on your needs.
Note:
Default flow template:
ip-protocol tcp-flag sport dport icmp-type icmp-code sip 0.0.0.0 dip 0.0.0.0 vlanid.
You cannot modify or delete the default flow template.
II. Applying Flow Template
Perform the following configurations in Ethernet port view to apply the user-defined flow
template to current port.
Table 1-8 Apply/Cancel flow template
Apply the user-defined flow template
Cancel the applied flow template

1.2.3 Defining ACL

The switch supports several types of ACLs, which are described in this section.
Follow these steps to define an ACL
1) Enter the corresponding ACL view
2) Define ACL rules
Operation
1-8
Chapter 1 ACL Configuration
Command
flow-template user-defined
undo flow-template user-defined