ACL Config
Procedure
- Query an ACL.
- Click in the function area. Choose to open the ACL Config page.
- Set the search criteria.
- Click
to display
all matching records.
- Create an ACL.
- Click Create to open the Create ACL page, as shown in Figure 1.
Table 1 describes the parameters on the page.
Table 1 Create ACL Parameter
Description
ACL name
Indicates the name of an ACL. The ACL name must be unique.NOTE:- The value is a string starting with a letter, without spaces.
- Either an ACL number or an ACL name is required to identify an ACL.
- When you modify an ACL, the ACL name cannot be changed.
ACL number
Indicates the number of an ACL. It identifies an ACL. The value is an integer that ranges from 3000 to 3999.NOTE:- When you modify an ACL, the ACL number cannot be changed.
- Either an ACL number or an ACL name is required to identify an ACL.
ACL description
Indicates the description of an ACL. It is optional.
- Click Create to open the Create ACL page, as shown in Figure 1.
- Modify an ACL.
- Select an ACL and click Modify.
- Delete an ACL.
- Click in the function area. Choose to open the ACL Config page.
- Select an ACL and click Delete. If the ACL contains rules, the system prompts you that the rules in the ACL will be deleted and asks you whether to delete the ACL.
- Click OK. If the operation succeeds, the system returns to the ACL Config page; otherwise, an error message is displayed.
- Add rules.
- Select an ACL and click Add Rule.
Figure 2 shows the Add Rule page.
Table 2 describes the parameters for adding rules.
Table 2 Add Rule Parameter
Description
Action
Indicates whether to permit or deny packets. The default action is permit.
Protocol type
Indicates the type of the protocol. It is mandatory. The protocol types include:- GRE(47)
- ICMP(1)
- IGMP(2)
- IP
- IPINIP(4)
- OSPF(89)
- TCP(6)
- UDP(17)
- Customized typeNOTE:
The text box is valid only when the protocol type is customized.
Match IP
Source IP/Wildcard
Indicates the IP address and wildcard. By default, all source IP addresses are specified.
Destination IP/Wildcard
Indicates the IP address and wildcard. By default, all destination IP addresses are specified.
Match Packet Priority
IP precedence
Indicates that the packets are filtered according to the precedence field.
TOS
Indicates that packets are filtered according to the Type of Service (ToS).
DSCP
Specifies the Differentiated Services Code Point (DSCP).
NOTE:- If you set the IP precedence or TOS, the DSCP priority cannot be set.
- If you set the DSCP priority, the IP precedence or TOS cannot be set.
Matching Interface
Source port number
This parameter is valid only when the protocol type is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any source port are matched.
Dest port number
This parameter is valid only when the protocol type is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any destination port are matched.
Set Time
Time range
Indicates the time range when the ACL takes effect.NOTE:The time range name is displayed on the configuration result page.
- Select an ACL and click Add Rule.
- Modify a rule.
- Click in the function area. Choose to open the ACL Config page.
- Select an ACL and click
to expand the ACL rules. - Click
of a
rule to modify the rule. Table 2 describes the parameters
on the page.
Click
and 
to change the
order of the rule, and click Apply to make
the new order take effect. - Delete a rule.
- Click in the function area. Choose to open the ACL Config page.
- Select an ACL and click to expand the ACL rules.
- Click
of a
rule to delete the rule. In the dialog box that is displayed, click OK.
