Operation Manual – ACL
H3C S3610&S5510 Series Ethernet Switches
Chapter 2 IPv4 ACL Configuration
2.5 Configuring a User-Defined ACL
User-defined ACLs allow you to customize rules based on information in protocol headers, such as the IP header. When defining a user-defined ACL rule, you specify the byte offset, counted from the beginning of a packet header, at which the match operation starts, together with a mask. When comparing a packet against the rule, the system ANDs the mask with the corresponding bytes in the packet and compares the result with the rule. Bits that are zero in the mask therefore take no part in the comparison, which is what lets a rule match only part of a field (a single flag bit, for example).
User-defined ACLs are numbered in the range 5000 to 5999.
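The following model of the match operation is an added example, not code from H3C or from this manual. It implements the AND-the-mask-then-compare semantics described above on a constructed Ethernet/IPv4/TCP frame. The mapping of the start, l2, ipv4, ipv6 and l4 keywords to header start positions, the requirement that all clauses of one rule match, and first-match evaluation in rule-id order are assumptions made for the illustration; the manual's syntax names the keywords but this page does not spell those details out.

```python
# Added example: a small model of how a user-defined ACL rule is matched.
# It is not H3C code; the keyword-to-header mapping (start/l2/ipv4/ipv6/l4),
# all-clauses-must-match and first-match-in-rule-id-order are assumptions.
from dataclasses import dataclass
from typing import List, Optional

ETHER_LEN = 14        # untagged Ethernet II header
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD


@dataclass
class Clause:
    base: str           # 'start', 'l2', 'ipv4', 'ipv6' or 'l4'
    rule_string: bytes  # value to compare (the manual's rule-string)
    rule_mask: bytes    # bits that take part in the comparison (rule-mask)
    offset: int         # byte offset from the chosen header (offset)

    def __post_init__(self) -> None:
        if len(self.rule_string) != len(self.rule_mask):
            raise ValueError("rule-string and rule-mask must have the same length")


@dataclass
class Rule:
    rule_id: int
    action: str               # 'permit' or 'deny'
    clauses: List[Clause]     # the &<1-8> repeat group: all clauses must match

    def __post_init__(self) -> None:
        if not 1 <= len(self.clauses) <= 8:
            raise ValueError("a rule takes 1 to 8 match clauses")


def header_anchor(frame: bytes, base: str) -> Optional[int]:
    """Byte position from which 'offset' is counted for each keyword (assumed mapping)."""
    if base in ("start", "l2"):
        return 0
    if len(frame) < ETHER_LEN:
        return None
    ethertype = int.from_bytes(frame[12:14], "big")
    if base == "ipv4":
        return ETHER_LEN if ethertype == ETHERTYPE_IPV4 else None
    if base == "ipv6":
        return ETHER_LEN if ethertype == ETHERTYPE_IPV6 else None
    if base == "l4":
        if ethertype == ETHERTYPE_IPV4 and len(frame) >= ETHER_LEN + 20:
            ihl = (frame[ETHER_LEN] & 0x0F) * 4   # IPv4 options shift the L4 header
            return ETHER_LEN + ihl
        if ethertype == ETHERTYPE_IPV6:
            return ETHER_LEN + 40                  # fixed IPv6 header; extension headers ignored
        return None
    raise ValueError(f"unknown base keyword {base!r}")


def clause_matches(frame: bytes, c: Clause) -> bool:
    """AND the mask with the packet bytes and compare the result with the (masked) rule."""
    anchor = header_anchor(frame, c.base)
    if anchor is None:
        return False
    start = anchor + c.offset
    field = frame[start:start + len(c.rule_string)]
    if len(field) < len(c.rule_string):
        return False   # packet too short: never match rather than read past the end
    masked_pkt = bytes(p & m for p, m in zip(field, c.rule_mask))
    masked_rule = bytes(r & m for r, m in zip(c.rule_string, c.rule_mask))
    return masked_pkt == masked_rule


def evaluate(acl: List[Rule], frame: bytes) -> Optional[str]:
    """Return the action of the first rule (by rule-id) whose clauses all match, or None."""
    for rule in sorted(acl, key=lambda r: r.rule_id):
        if all(clause_matches(frame, c) for c in rule.clauses):
            return rule.action
    return None


# Constructed frame (not a capture): Ethernet II / IPv4 (no options, proto 6) / TCP
# from 192.168.0.1:50595 to 192.168.0.2:23 with only the SYN flag set.
TELNET_SYN = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"
    "4500003c" "1c464000" "40060000" "c0a80001" "c0a80002"
    "c5a3" "0017" "00000000" "00000000" "5002" "7210" "0000" "0000"
)
# Same frame with destination port 22 instead of 23 (port field is at frame offset 36).
SSH_SYN = TELNET_SYN[:36] + bytes.fromhex("0016") + TELNET_SYN[38:]

# Rule 5 denies TCP SYN segments to port 23: the protocol byte is 9 bytes into the IPv4
# header, the destination port 2 bytes into the L4 header, and the flags byte at L4
# offset 13, where the mask 0x02 isolates the SYN bit.
DENY_TELNET_SYN = Rule(5, "deny", [
    Clause("ipv4", bytes.fromhex("06"), bytes.fromhex("ff"), 9),    # IPv4 protocol = TCP
    Clause("l4", bytes.fromhex("0017"), bytes.fromhex("ffff"), 2),  # TCP dst port 23
    Clause("l4", bytes.fromhex("02"), bytes.fromhex("02"), 13),     # SYN bit set
])
PERMIT_ALL = Rule(10, "permit", [Clause("start", b"\x00", b"\x00", 0)])  # mask 0x00 matches anything
ACL_5000 = [DENY_TELNET_SYN, PERMIT_ALL]

if __name__ == "__main__":
    print(evaluate(ACL_5000, TELNET_SYN))       # deny
    print(evaluate(ACL_5000, SSH_SYN))          # permit
    print(evaluate(ACL_5000, TELNET_SYN[:40]))  # permit: truncated, so the flags clause cannot match
```

The truncated-frame case is the caveat worth noticing: a clause whose field lies beyond the end of the packet does not match, so a deny rule built from several clauses silently falls through to a later permit when the packet is shorter than expected. The mask also lets a single clause cover a range, for example rule-string 0000 with rule-mask ff00 at L4 offset 2 matches every destination port below 256.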
2.5.1 Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command first.
2.5.2 Configuration Procedure
Follow these steps to configure a user-defined ACL:
1. Enter system view
   Command: system-view
   Remarks: --

2. Create and enter user-defined ACL view
   Command: acl number acl-number [ name acl-name ]
   Remarks: Required. If you specify a name for the ACL when creating it, you can use the acl name acl-name command to enter the view of the ACL later.

3. Create or modify a rule
   Command: rule [ rule-id ] { deny | permit } [ { { ipv4 | ipv6 | l2 | l4 | start } rule-string rule-mask offset }&<1-8> ] [ time-range time-name ]
   Remarks: Required. The &<1-8> notation means the match clause in braces may be given one to eight times in a single rule; each clause carries the rule-string to compare, the rule-mask that selects the bits compared, and the byte offset at which matching starts. To create multiple rules, repeat this step.

4. Create an ACL description
   Command: description text
   Remarks: Optional. By default, no ACL description is present.

5. Create a rule description
   Command: rule rule-id comment text
   Remarks: Optional. By default, no rule description is present.