Configuring an IPv4 basic ACL
IPv4 basic ACLs match packets based only on source IP addresses.
To configure an IPv4 basic ACL:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create an IPv4 basic ACL and enter its view. | acl basic { acl-number \| name acl-name } [ match-order { auto \| config } ]<br>acl number acl-number [ match-order { auto \| config } ] | By default, no ACLs exist. The value range for a numbered IPv4 basic ACL is 2000 to 2999. Use the acl number acl-number or acl basic acl-number command to create a numbered IPv4 basic ACL. Use the acl number acl-number or acl basic acl-number command to enter the view of a numbered IPv4 basic ACL. Use the acl basic name acl-name command to enter the view of a named IPv4 basic ACL. |
3. (Optional.) Configure a description for the IPv4 basic ACL. | description text | By default, an IPv4 basic ACL does not have a description. |
4. (Optional.) Set the rule numbering step. | step step-value [ start start-value ] | By default, the rule numbering step is 5 and the start rule ID is 0. |
5. Create or edit a rule. | rule [ rule-id ] { deny \| permit } [ counting \| fragment \| logging \| source { source-address source-wildcard \| any } \| time-range time-range-name ] * | By default, no IPv4 basic ACL rules exist. The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging. |
6. (Optional.) Add or edit a rule comment. | rule rule-id comment text | By default, no rule comment is configured. |
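
A worked configuration that follows steps 1 to 6 in order, added here as an example and not taken from the original document. ACL number 2000 comes from the range stated above; the addresses (RFC 5737 documentation ranges), the description and the comment text are constructed for illustration.

```text
# Step 1: enter system view.
system-view

# Step 2: create numbered IPv4 basic ACL 2000 (valid range 2000 to 2999)
# with rules matched in configuration order, and enter its view.
acl basic 2000 match-order config

# Step 3: record what the ACL is for.
description Source filter for management access

# Step 4: state the default numbering explicitly (step 5, start rule ID 0).
step 5 start 0

# Step 5: rules entered without a rule-id are numbered 0, 5, 10, 15.
# The wildcard is an inverse mask: 0 matches a single host,
# 0.0.0.255 matches every host in the /24.
rule permit source 192.0.2.10 0
rule deny source 192.0.2.0 0.0.0.255 logging
rule permit source 198.51.100.0 0.0.0.255 counting

# Explicit final deny, so the result does not depend on the default
# action of the module that applies the ACL. The logging keyword only
# has an effect if that module supports logging.
rule deny source any logging

# Giving a rule-id places a rule between existing ones without
# renumbering: rule 3 is evaluated after rule 0 and before rule 5,
# so this second host is permitted ahead of the subnet-wide deny.
rule 3 permit source 192.0.2.11 0

# Step 6: attach a comment to an existing rule by its ID.
rule 5 comment Block the rest of the user subnet

quit
```

Because a basic ACL matches on the source address only, each rule applies to all traffic from that source regardless of destination, protocol or port.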