
Configuring an Ethernet frame header ACL, Copying an ACL – H3C Technologies H3C S10500 Series Switches User Manual


Configuring an Ethernet frame header ACL

Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type.

Follow these steps to configure an Ethernet frame header ACL:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an Ethernet frame header ACL and enter its view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. Ethernet frame header ACLs are numbered in the range of 4000 to 4999. You can use the acl name acl-name command to enter the view of a named Ethernet frame header ACL.

To do: Configure a description for the Ethernet frame header ACL
Use the command: description text
Remarks: Optional. By default, an Ethernet frame header ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-addr dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac sour-addr source-mask | time-range time-range-name ] *
Remarks: Required. By default, an Ethernet frame header ACL does not contain any rule. In releases lower than 1135, an Ethernet frame header ACL used for QoS traffic classification or packet filtering does not support the lsap keyword. In release 1135 or higher, an Ethernet frame header ACL used for QoS traffic classification or packet filtering supports the lsap keyword. To use the lsap keyword, make sure that the lsap-type argument is AAAA and the lsap-type-mask argument is FFFF.

To do: Add or edit a rule comment
Use the command: rule rule-id comment text
Remarks: Optional. By default, an Ethernet frame header ACL rule has no rule description.

To do: Add or edit a rule range remark
Use the command: rule [ rule-id ] remark text
Remarks: Optional. By default, no rule range remarks are configured.

To do: Enable counting ACL rule matches performed in hardware
Use the command: hardware-count enable
Remarks: Optional. Disabled by default. When the ACL is referenced by a QoS policy, this command does not take effect.
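The constraints in the remarks above (the 4000 to 4999 number range, the required rule, and the lsap restrictions around release 1135) can be checked against a saved configuration before it is deployed. The following Python script is an added example, not part of the H3C manual. The sample configuration is constructed, the function name is hypothetical, and the script assumes that every Ethernet frame header ACL is used for QoS traffic classification or packet filtering and that the software release is supplied as a number.

```python
L2_ACL_NUMBERS = range(4000, 5000)  # manual: numbered 4000 to 4999
LSAP_MIN_RELEASE = 1135             # manual: lsap usable from release 1135

# Constructed sample configuration (not taken from the manual).
SAMPLE_CONFIG = """\
acl number 4001 name L2-EDGE
 description Constructed sample
 rule 0 permit cos 5
 rule 5 deny lsap aaaa ffff
 rule 5 comment drop lsap frames
 rule 10 deny lsap aa00 ff00
acl number 4002
 description Created but never given a rule
"""

def audit_l2_acls(config, release):
    """Return (acl-number, line, finding) tuples for Ethernet frame header
    ACLs, assuming each is used for QoS classification or packet filtering."""
    findings, rule_count, acl = [], {}, None
    for raw in config.splitlines():
        tokens = raw.lower().split()
        if tokens[:2] == ["acl", "number"] and len(tokens) > 2 and tokens[2].isdigit():
            acl = int(tokens[2])
            if acl in L2_ACL_NUMBERS:
                rule_count[acl] = 0
            continue
        if acl not in L2_ACL_NUMBERS or tokens[:1] != ["rule"]:
            continue  # not inside a Layer 2 ACL, or not a rule line
        if "comment" in tokens[1:3] or "remark" in tokens[1:3]:
            continue  # free text attached to a rule, not a match rule
        rule_count[acl] += 1
        if "lsap" in tokens:
            args = tokens[tokens.index("lsap") + 1:][:2]
            if release < LSAP_MIN_RELEASE:
                findings.append((acl, raw.strip(), "lsap unsupported before release 1135"))
            elif args != ["aaaa", "ffff"]:
                findings.append((acl, raw.strip(), "lsap requires lsap-type AAAA and mask FFFF"))
    # The manual marks "Create or edit a rule" as required: flag empty ACLs.
    findings += [(n, "", "ACL has no rule") for n, c in rule_count.items() if c == 0]
    return findings

if __name__ == "__main__":
    for finding in audit_l2_acls(SAMPLE_CONFIG, release=1135):
        print(finding)
```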

Copying an ACL

You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the same properties and content as the source ACL, but not the same ACL number and name.
