Configuring a Basic ACL Rule
Context
A basic ACL classifies packets by matching packet information against its rules. After a basic ACL is created, configure rules in the basic ACL.
When the device receives a packet, it matches the packet against ACL rules one by one based on the configuration order. Once the packet matches a rule in an ACL rule group, the device stops the matching process and performs the action specified in the matching rule on the packet.
Procedure
- Run system-view
The system view is displayed.
- Run acl { [ number ] acl-number | name acl-name { [ number ] acl-number | basic } }
A basic ACL is created and the basic ACL view is displayed.
The parameter acl-number specifies the number of a basic ACL. The value ranges from 2000 to 2999.
By default, no ACL is created.
- Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type fragment | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name | logging ] *
Rules for the basic ACL are configured.
When you configure a basic ACL:
If the source is specified as any (Step 3), which stands for all source IP addresses, the system does not check packets' source IP addresses.
When you use the time-range parameter to reference a time range in the ACL, the ACL cannot be bound to that time range if no time range named time-name exists.
- (Optional) Run rule rule-id description description
The description of a basic ACL rule is configured.
By default, no description is configured for an ACL rule.
You are not allowed to configure the description for a rule that has not been created.
- Run commit
The configuration is committed.
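As an added illustration that is not part of the original documentation, the following Python script models the first-match behaviour described in the Context section for rules written in the Step 3 syntax. The ACL number, addresses and wildcard masks are constructed for the example, and it assumes the usual wildcard convention in which 1 bits are ignored and 0 bits must match.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Constructed sample: rules as they would be entered in the basic ACL view
# (Step 3 syntax). ACL number, addresses and wildcards are made up.
ACL_2000_RULES = """
rule 5 permit source 10.1.1.0 0.0.0.255
rule 10 deny source 10.1.0.0 0.0.255.255
rule 15 permit source any
"""

@dataclass
class Rule:
    rule_id: int
    action: str               # "permit" or "deny"
    source: Optional[int]     # configured source address as an int; None = any
    wildcard: Optional[int]   # wildcard mask as an int (assumption: 1 bits are ignored)

    def matches(self, src_ip: str) -> bool:
        if self.source is None:            # "any": the source address is not checked
            return True
        ip = int(ipaddress.IPv4Address(src_ip))
        care = 0xFFFFFFFF ^ self.wildcard  # bits that must equal the configured address
        return ip & care == self.source & care
def parse_rules(text: str) -> list[Rule]:
    """Parse 'rule <id> {permit|deny} [source {<ip> <wildcard> | any}]' lines."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "rule":
            continue
        rule_id, action = int(tokens[1]), tokens[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action: {line}")
        if len(tokens) == 3 or tokens[3:5] == ["source", "any"]:
            rules.append(Rule(rule_id, action, None, None))  # no source check
        elif tokens[3] == "source":
            src = int(ipaddress.IPv4Address(tokens[4]))
            wc = int(ipaddress.IPv4Address(tokens[5]))
            rules.append(Rule(rule_id, action, src, wc))
        else:
            raise ValueError(f"unsupported rule: {line}")
    return rules  # kept in configuration order, which is the matching order

def evaluate(rules: list[Rule], src_ip: str) -> Optional[str]:
    """First match wins: stop at the first rule the packet hits; None if none match."""
    for rule in rules:
        if rule.matches(src_ip):
            return rule.action
    return None
```

Rules 5 and 10 overlap, so a host in 10.1.1.0/24 is permitted only because rule 5 is matched before rule 10; swapping their order denies it.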