Add/Modify Access ACL
Perform this task to add or modify an access ACL.
Procedure
- Click the User tab. From the navigation tree, select User Access Policy > Access Policy.
- Click Access ACL on the upper right corner of the access policy list.
- Click Add to add an ACL, or click the Modify icon for an ACL on the ACL list to modify it.
- Configure basic information for the ACL.
- Configure ACL rules for the ACL by using one of the following methods:
  - In the ACL Rule List area, select Manually Add, click Add, and then manually configure the rule on the page that appears.
  - In the ACL Rule List area, select Select Access ACL Rule Set, click Add, and then select ACL rule sets for the ACL on the page that appears.
- Click OK.
Parameters
- Default Action: Specifies the action to take on a packet that does not match any access ACL rules. If the action is permit, the access device allows the packet to pass through. If the action is deny, the access device drops the packet.
- Count packets that do not match the ACL: Specifies whether to count packets that do not match any rule in the ACL.
- Service Group: Select a service group for the ACL. The service group ensures privilege management of the ACL. The administrators and maintainers can add the ACL to one of the service groups to which they have the management privilege.
- Type: Specifies the method to add ACL rules to the ACL. Options are Add Manually and Select Access ACL Rule Set.
- ACL Rule List: Displays all rules in the ACL.
- Matching Criteria for ACL Rules
  - Protocol: Specifies the packet protocol as one of the matching criteria. To apply the rule to all IP packets, select the IP option.
  - Action: Specifies the action to take on packets that match the rule. If the action is permit, the access device allows the matching packets to pass through. If the action is deny, the access device drops the matching packets.
  - Dest IP: Specifies the destination IP address of packets as one of the matching criteria.
  - Mask Length: Specifies the mask length of the destination IP address.
  - Dotted Decimal Mask: Displays the mask of the destination IP address in dotted decimal notation. After you set the mask length, UAM automatically fills in this field.
  - Dest Port: Specifies the destination port number of packets as one of the matching criteria. This field is available only when the protocol type is TCP or UDP. By default, the destination port is empty, which indicates any port number.
  - Counting: Specifies whether to enable the access device to count packets that match this rule.
  - Insert at: Enter a value to indicate the place where the rule is inserted in the ACL rule list. If you enter 1, the rule is inserted at the top of the ACL list, with rule number 1. If you leave this field empty or enter a value larger than any existing rule number, the rule is inserted at the end of the ACL list.
Configuration Example
Create an ACL rule to permit packets destined for 192.168.0.12/24 with the destination port 8080. You can manually add the rule or select the predefined ACL rule set that has this rule.
Manually Adding ACL Rule
Selecting Predefined ACL Rule Set
Remarks
- Access ACL names must be unique. Once you create an ACL, you cannot modify its name.
- The recommended number of ACL rules is 1 to 64 in each ACL. If an ACL includes more than 64 ACL rules, the rule deployment might fail.
- If the selected ACL rule sets include multiple ACL rules that have the same configuration, the system considers them as the same ACL rule.
- ACL rules apply only to outbound packets from the device.
- When you modify an ACL, you cannot change its service group.
- The destination IP address column of the ACL rule list displays the result of a bitwise AND operation between the destination IP address and the mask of each ACL rule.
- Access ACLs might not be supported on some HP switches.
- An access ACL rule added by clicking the Add icon for an existing access ACL rule is inserted immediately after that rule.
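The following added example (not UAM code; class and function names are assumed for illustration) models the behaviour described above: the dotted-decimal mask UAM derives from a mask length, the bitwise AND the rule list displays for the destination address, the Insert at placement rules, and first-match evaluation with the default action and the match counters. It uses the configuration example from this page (192.168.0.12/24, destination port 8080) as constructed input.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Rule:
    protocol: str                    # "ip" (all IP packets), "tcp" or "udp"
    action: str                      # "permit" or "deny"
    dest_ip: str
    mask_length: int
    dest_port: Optional[int] = None  # None = any port (only meaningful for tcp/udp)
    counter: int = 0                 # incremented when Counting is enabled for the rule


def dotted_mask(length: int) -> str:
    """Dotted-decimal mask for a mask length, as UAM auto-fills it (24 -> 255.255.255.0)."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{length}").netmask)


def mask_ip(ip: str, length: int) -> str:
    """Bitwise AND of an address and its mask; this is what the Dest IP column displays."""
    mask = int(ipaddress.IPv4Address(dotted_mask(length)))
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(ip)) & mask))


@dataclass
class AccessACL:
    default_action: str = "deny"     # action for packets matching no rule
    rules: list = field(default_factory=list)
    unmatched: int = 0               # "Count packets that do not match the ACL"

    def insert(self, rule: Rule, at: Optional[int] = None) -> None:
        """Insert at: 1 = top of the list; empty or beyond the last rule = end of the list."""
        if at is None or at > len(self.rules):
            self.rules.append(rule)
        else:
            self.rules.insert(at - 1, rule)

    def evaluate(self, protocol: str, dest_ip: str, dest_port: Optional[int] = None) -> str:
        """Return the action of the first matching rule, or the default action."""
        for rule in self.rules:
            if rule.protocol != "ip" and rule.protocol != protocol:
                continue
            if mask_ip(dest_ip, rule.mask_length) != mask_ip(rule.dest_ip, rule.mask_length):
                continue
            if rule.dest_port is not None and rule.dest_port != dest_port:
                continue
            rule.counter += 1
            return rule.action
        self.unmatched += 1
        return self.default_action
```

A rule entered as 192.168.0.12/24 is listed as 192.168.0.0 because of the AND with 255.255.255.0, so it matches every host in that /24, not only .12.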