H3C S5500-EI series Operation Manual page 1028

Operation Manual – ACL
H3C S5500-EI Series Ethernet Switches
Chapter 2 IPv4 ACL Configuration

2.2.1 Configuration Prerequisites

If you want to reference a time range in a rule, define it with the time-range command first.

2.2.2 Configuration Procedure

Follow these steps to configure a basic IPv4 ACL:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | `system-view` | –– |
| Create and enter basic IPv4 ACL view | `acl number acl-number [ name acl-name ] [ match-order { auto \| config } ]` | Required. The default match order is config. If you specify a name for an IPv4 ACL when creating the ACL, you can use the acl name acl-name command to enter the view of the ACL later. |
| Create or modify a rule | `rule [ rule-id ] { deny \| permit } [ fragment \| logging \| source { sour-addr sour-wildcard \| any } \| time-range time-name ] *` | Required. To create multiple rules, repeat this step. Note that the logging keyword is not supported if the ACL is to be referenced by a QoS policy for traffic classification. |
| Set a rule numbering step | `step step-value` | Optional. The default step is 5. |
| Create an IPv4 ACL description | `description text` | Optional. By default, no IPv4 ACL description is present. |
| Create a rule description | `rule rule-id comment text` | Optional. By default, no rule description is present. |

Note that:

- You will fail to create or modify a rule if its permit/deny statement is exactly the same as that of another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
- You may use the display acl command to verify the rules configured in an ACL. If the match order for this ACL is auto, rules are displayed in the depth-first match order rather than by rule number.
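The following Python sketch is an added example, not part of the H3C manual. It parses rule lines written in the syntax above and reports which rule a source address hits first under the config match order (ascending rule ID), which is a convenient way to review an ACL offline before applying it. Assumptions: unnumbered rules get ID 0 first and then the next multiple of the step above the highest existing ID; the fragment, logging and time-range keywords are ignored (the rule is treated as always active); the auto (depth-first) order is not modeled; the names parse_rules, first_match and SAMPLE_ACL are hypothetical.

```python
import ipaddress
import re

# Constructed sample: rule lines as typed in basic IPv4 ACL view (not from the manual).
SAMPLE_ACL = """\
rule permit source 192.0.2.0 0.0.0.255
rule deny source 198.51.100.7 0.0.0.0
rule 20 permit source 203.0.113.0 0.0.0.63 logging
rule deny source any
"""

RULE_RE = re.compile(
    r"^rule(?:\s+(?P<id>\d+))?\s+(?P<action>deny|permit)"
    r"(?:.*?\bsource\s+(?:(?P<any>any)|(?P<addr>\S+)\s+(?P<wild>\S+)))?"
)

def parse_rules(text, step=5):
    """Return [(rule_id, action, addr_int, wildcard_int)] in config order."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # not a permit/deny rule line, e.g. "rule 5 comment ..."
        if m["id"] is not None:
            rid = int(m["id"])  # reusing an existing ID modifies that rule
        else:
            # Assumed numbering: 0 first, then next multiple of step above the highest ID.
            rid = (max(rules) // step + 1) * step if rules else 0
        if m["addr"]:
            addr = int(ipaddress.IPv4Address(m["addr"]))
            wild = int(ipaddress.IPv4Address(m["wild"]))
        else:  # "source any" or no source keyword: every source matches
            addr, wild = 0, 0xFFFFFFFF
        rules[rid] = (m["action"], addr, wild)
    return [(rid, *rules[rid]) for rid in sorted(rules)]

def first_match(rules, source):
    """Return (rule_id, action) of the first rule matching source, or None."""
    src = int(ipaddress.IPv4Address(source))
    for rid, action, addr, wild in rules:
        # Wildcard bits set to 1 are ignored; bits set to 0 must equal the rule address.
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return rid, action
    return None  # no rule matched; the outcome depends on where the ACL is applied
```

A result of None means the packet fell through every rule, so the review should confirm what the feature referencing the ACL does in that case.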