3Com 3.01.01 Switch User Manual


 
Configuring ACLs
Defining ACLs
The switch supports several types of ACLs, which are described in this section.
Follow these steps to define an ACL:
1 Enter the corresponding ACL view.
2 Define ACL rules. Note that:
- If the time-range keyword is not specified, the ACL is effective at any time after it is activated.
- You can define multiple rules for an ACL by using the rule command several times.
- If the ACL is sent directly to hardware for packet filtering and traffic classification, the configured matching order does not take effect. If the ACL is used to filter or classify packets processed by software, the configured matching order applies. You cannot modify the matching order once you have defined it for an ACL rule.
- By default, ACL rules are matched in configuration order.
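The following is an added example, not taken from the manual: a small Python model of basic ACL rules that shows how the same rules give a different verdict for one source address under match-order config and match-order auto. The sample rules and addresses are constructed, and two behaviours are assumptions the page does not define: wildcard bits set to 1 are treated as "ignore this bit", and auto is modelled as narrowest source range first.

```python
import ipaddress

# Constructed sample rules in the basic-ACL rule syntax; the addresses are made up.
SAMPLE_RULES = """\
rule 0 permit source 10.1.0.0 0.0.255.255
rule 1 deny source 10.1.5.0 0.0.0.255
rule 2 deny source any
"""

def parse_rule(line):
    """Parse 'rule rule-id {permit|deny} source {source-addr wildcard | any}'."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "rule" or tok[2] not in ("permit", "deny") or tok[3] != "source":
        raise ValueError(f"unsupported rule: {line!r}")
    if tok[4] == "any":
        addr, wild = 0, 0xFFFFFFFF
    else:
        addr = int(ipaddress.IPv4Address(tok[4]))
        wild = int(ipaddress.IPv4Address(tok[5]))
    return {"id": int(tok[1]), "action": tok[2], "addr": addr, "wild": wild}

def matches(rule, src):
    """Assumption: wildcard bits set to 1 are ignored; bits set to 0 must equal the rule address."""
    care = ~rule["wild"] & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (rule["addr"] & care)

def evaluate(rules, src, match_order="config"):
    """Return (action, rule-id) of the first rule that matches src, else (None, None)."""
    if match_order == "auto":
        # Assumption: auto = narrowest source range (fewest wildcard bits) first.
        ordered = sorted(rules, key=lambda r: (bin(r["wild"]).count("1"), r["id"]))
    else:
        ordered = list(rules)  # config: the order in which the rules were entered
    for r in ordered:
        if matches(r, src):
            return r["action"], r["id"]
    return None, None

RULES = [parse_rule(line) for line in SAMPLE_RULES.splitlines()]

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, evaluate(RULES, "10.1.5.7", order))
```

Running a rule set through both orders before applying it is a quick way to find rules whose effect depends on the matching order.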
Defining Basic ACLs
Basic ACLs define rules and process packets according to source IP addresses.
Perform the following configurations in the specified views.

Table 6 Defining Basic ACLs
Operation                                  Command
Enter basic ACL view (system view)         acl { number acl-number | name acl-name basic } [ match-order { config | auto } ]
Define an ACL rule (basic ACL view)        rule [ rule-id ] { permit | deny } [ source { source-addr wildcard | any } | fragment | time-range name | vpn-instance instance-name ]*
Delete an ACL rule (basic ACL view)        undo rule rule-id [ source | fragment | time-range | vpn-instance instance-name ]*
Delete an ACL or all ACLs (system view)    undo acl { number acl-number | name acl-name | all }

Defining Advanced ACLs
Advanced ACLs define classification rules and process packets according to source and destination IP addresses, TCP/UDP ports, and packet priority. ACLs support three types of priority schemes: ToS (type of service) priority, IP priority and DSCP priority.
Perform the following configurations in the specified view.

Table 7 Defining Advanced ACLs
Operation                                  Command
Enter advanced ACL view (system view)      acl { number acl-number | name acl-name advanced } [ match-order { config | auto } ]