Configuring a user-defined ACL
User-defined ACLs allow you to customize rules based on information in protocol headers. A user-defined ACL rule takes a specific number of bytes after the specified offset (relative to the specified header), ANDs them with a match pattern mask, and matches the packet if the result equals the specified match pattern.
To configure a user-defined ACL:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a user-defined ACL and enter its view. | acl number acl-number [ name acl-name ] | By default, no ACL exists. User-defined ACLs are numbered in the range of 5000 to 5999. You can use the acl name acl-name command to enter the view of a user-defined ACL. |
3. Configure a description for the user-defined ACL. | description text | Optional. By default, a user-defined ACL has no ACL description. |
4. Create or edit a rule. | rule [ rule-id ] { deny \| permit } [ { l2 rule-string rule-mask offset }&<1-8> ] [ counting \| time-range time-range-name ] * | By default, a user-defined ACL does not include any rule. |
5. Add or edit a rule comment. | rule rule-id comment text | Optional. By default, no rule comments are configured. |
6. Add or edit a rule range remark. | rule [ rule-id ] remark text | Optional. By default, no rule range remarks are configured. |
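
The matching described above (bytes at an offset, ANDed with the mask, compared with the pattern) can be modelled offline to check a rule against sample frames before it is configured. This is an added example, not vendor code and not device syntax. It assumes the offset is counted in bytes from the first byte of the L2 header, that every match entry in a rule must match, and that rules are tried in ascending rule ID; `counting` and `time-range` are not modelled, and all class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class L2Match:
    rule_string: str  # hex match pattern, e.g. "0806"
    rule_mask: str    # hex mask of the same length, e.g. "ffff"
    offset: int       # assumed: bytes from the first byte of the L2 header

    def matches(self, frame: bytes) -> bool:
        pattern = bytes.fromhex(self.rule_string)
        mask = bytes.fromhex(self.rule_mask)
        if len(pattern) != len(mask):
            raise ValueError("rule-string and rule-mask must be the same length")
        window = frame[self.offset:self.offset + len(pattern)]
        if len(window) < len(pattern):
            return False  # frame too short to hold the bytes at this offset
        # Literal reading of the page: (packet bytes AND mask) == pattern.
        # In this model, pattern bits outside the mask can never match.
        return bytes(b & m for b, m in zip(window, mask)) == pattern

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str      # "permit" or "deny"
    entries: tuple   # 1 to 8 L2Match entries, mirroring &<1-8>

    def hits(self, frame: bytes) -> bool:
        if not 1 <= len(self.entries) <= 8:
            raise ValueError("a rule takes 1 to 8 match entries")
        # Assumed: every entry in the rule must match.
        return all(e.matches(frame) for e in self.entries)

def evaluate(rules, frame: bytes):
    """Action of the first rule that hits (assumed: ascending rule ID), else None."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.hits(frame):
            return rule.action
    return None

# Constructed sample frames (not captured traffic): dst MAC, src MAC, EtherType, payload.
ARP_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0806" "0001080006040001")
UDP_FRAME = bytes.fromhex("aabbccddeeff" "001122334455" "0800"
                          "450000200000000040110000" "c0a80001c0a80002")
RULES = [
    Rule(0, "deny", (L2Match("0806", "ffff", 12),)),                   # EtherType ARP
    Rule(5, "permit", (L2Match("0800", "ffff", 12),                    # IPv4 and
                       L2Match("11", "ff", 23))),                      # IP protocol 17
    Rule(10, "deny", (L2Match("001122000000", "ffffff000000", 6),)),   # source MAC prefix
]
```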