Configuration Example; Applying Acls On Ports; Configuration Preparation - H3C S7500 Series Operation Manual

Operation Manual – ACL
H3C S7500 Series Ethernet Switches
When you specify the rule ID by using the rule command, note that:
If the ACL is created with the config keyword specified and the rule identified by
the rule-id argument exists, the settings specified in the rule command overwrite
the counterparts of the existing rule (other settings of the rule remain unchanged).
If the ACL is created the auto keyword specified, the rules of the ACL cannot be
edited. In this case, the system will prompt errors when you execute the rule
command.
If the rule corresponding to the specified rule ID does not exist, you will create and
define a new rule.
The content of a modified or newly created rule must not be identical with the
content of any existing rule; otherwise the rule modification or creation will be
failed, and the system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system will
assign an ID for the rule automatically.
Note:
Only LPUs other than Type A support the user-defined ACL.

1.8.3 Configuration Example

# Configure ACL 5001 to deny all TCP packets.
<H3C> system-view
[H3C] time-range t1 18:00 to 23:00 sat
[H3C] acl number 5001
[H3C-acl-user-5001] rule 25 deny 06 ff 27 time-range t1
[H3C-acl-user-5001] display acl config 5001
User defined ACL
rule 25 deny 06 ff 27 time-range t1 (0 times matched) (Inactive)

1.9 Applying ACLs on Ports

By applying ACLs on ports, you can filter certain packets.

1.9.1 Configuration Preparation

You need to define an ACL before applying it on a port. For operations to define ACLs,
refer to Defining Basic
Defining User-Defined
5001, 1 rule
ACLs, Defining Advanced
ACLs.
1-19
Chapter 1 ACL Configuration
ACLs, Defining Layer 2 ACLs, and