Entering Acl View - H3C SecPath F1800-A Operation Manual

Operation Manual - Security Defence
H3C SecPath F1800-A Firewall
II. ACL Creation Procedure
Follow two steps to create ACL on the SecPath F1800-A:

Entering ACL view

Configuring ACL rule
For basic ACL, advanced ACL and firewall ACL, use the acl command in system view
to enter ACL view and then use the rule command to configure ACL rules.
The next section will introduce how to enter ACL view (applicable to ACL in all
classes). How to configure three classes of ACL will be introduced in the following
three sections.
1.2.2 Entering ACL View
I. Basic Operation
No matter which class of ACL is configured, you need to enter ACL view first. Using
the following commands in system view, you can enter ACL view.
acl [ number ] acl-number
Using the keyword "number acl-number", you can define an ACL. ACL in the range of
2000 to 2999 is the basic ACL; ACL in the range of 3000 to 3999 is the advanced ACL;
ACL in the range of 5000 to 5499 is the firewall ACL.
II. Reated Concept – ACL Match Order
An ACL is composed of multiple permit or deny statements. Each statement
describes different rules, which may be repeated or inconsistent.
You need to match packets with ACL rules based on the following rules:
The firewall ACL is prior to the advanced ACL and the advanced ACL is prior to
the basic ACL.
Among the firewall ACL, the advanced ACL or the basic ACL, the ACL with the
smaller acl-number is matched first.
Among the same ACL rule group, the ACL with the smaller rule-id is matched
first.
Once the data stream successfully matches with a rule, it does not go on matching.
The firewall performs the subsequent data stream configuration based on this rule.
Configure the ACL rule carefully based on the practical situation and note the
matching order of the ACL rule.
6-4
Chapter 1 ACL