Operation Manual – ACL
H3C S3610&S5510 Series Ethernet Switches
Chapter 2 IPv4 ACL Configuration
2-5
In addition, advanced IPv4 ACLs allow you to filter packets based on three priority
criteria: type of service (ToS), IP precedence, and differentiated services codepoint
(DSCP) priority.
Advanced IPv4 ACLs are numbered in the range 3000 to 3999. Compared with basic
IPv4 ACLs, they allow more flexible and accurate filtering.
2.3.1 Configuration Prerequisites
To reference a time range in a rule, define it with the time-range command first.
2.3.2 Configuration Procedure
Follow these steps to configure an advanced IPv4 ACL:
To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create and enter advanced IPv4 ACL view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. The default match order is config. If you specify a name for an IPv4 ACL when creating the ACL, you can use the acl name acl-name command to enter the view of the ACL later.

To do: Create or modify a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | established | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-name | tos tos ] *
Remarks: Required. To create multiple rules, repeat this step.

To do: Set a rule numbering step
Use the command: step step-value
Remarks: Optional. The default step is 5.
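
The procedure above applied to a small least-privilege policy, as an added example that is not taken from the H3C manual. The addresses, ACL number 3001 and the time range name workhours are constructed placeholders, the argument form of time-range is assumed from that command's own reference rather than from this page, and lines starting with # are annotations, not commands to type.

```text
# Constructed example: all addresses and names below are placeholders.
system-view
# Prerequisite (2.3.1): define the time range before any rule references it.
# Assumption: time-range takes a name, a daily period and a day keyword.
time-range workhours 8:00 to 18:00 working-day
# Advanced IPv4 ACLs use numbers 3000 to 3999. With match-order config,
# rules are compared in ascending rule ID and the first match decides.
acl number 3001 match-order config
# Permit SSH from the admin subnet to one host, during working hours only.
rule 0 permit tcp source 192.0.2.0 0.0.0.255 destination 198.51.100.10 0 destination-port eq 22 time-range workhours
# Permit ICMP echo requests from the same subnet.
rule 5 permit icmp source 192.0.2.0 0.0.0.255 destination 198.51.100.10 0 icmp-type echo
# Deny and log everything else sent to the host. This broad rule must keep
# the highest ID, otherwise it shadows the permits above.
rule 10 deny ip destination 198.51.100.10 0 logging
# The default step of 5 leaves free IDs between rules, so a narrower deny
# can be inserted ahead of rule 5 later without renumbering.
rule 3 deny icmp source 192.0.2.66 0 destination 198.51.100.10 0
```

In a wildcard, a 0 bit must match and a 1 bit is ignored, so 0.0.0.255 covers the whole 192.0.2.0/24 subnet and a wildcard of 0 matches a single host.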