Configuring an Ethernet Frame Header ACL – H3C Technologies H3C S7500E Series Switches User Manual
To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ { established | { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * } | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmpv6-type { icmpv6-type icmpv6-code | icmpv6-message } | logging | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name ] *
Remarks: Required.
By default, an IPv6 advanced ACL does not contain any rule.
To create or edit multiple rules, repeat this step.
Note that if the ACL is to be referenced by a QoS policy for traffic classification, the logging and fragment keywords are not supported and the operator argument cannot be:
- neq, if the policy is for the inbound traffic,
- gt, lt, neq or range, if the policy is for the outbound traffic.
To do: Configure or edit a rule description
Use the command: rule rule-id comment text
Remarks: Optional.
By default, an IPv6 ACL rule has no rule description.
Note that:
- You can only modify the existing rules of an ACL that uses the match order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.
- You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.
- When the ACL match order is auto, a newly created rule will be inserted among the existing rules in the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ name acl6-name ] match-order { auto | config } command but only when it does not contain any rules.
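
The QoS-policy restrictions given in the Remarks for the rule command can be checked before an ACL is referenced by a policy. The following Python check is an added example, not part of the H3C manual: the function names and sample rule lines are constructed, and eq is assumed to be a valid port operator alongside the ones the manual names.

```python
# Added example (not H3C code): lint IPv6 advanced ACL rule lines against the
# QoS-policy restrictions in the Remarks above. Sample rules are constructed.
# Operators that cannot be used, keyed by the direction of the QoS policy.
BAD_OPERATORS = {"inbound": {"neq"}, "outbound": {"gt", "lt", "neq", "range"}}
# Keywords not supported when a QoS policy references the ACL.
BAD_KEYWORDS = {"logging", "fragment"}
PORT_KEYWORDS = {"source-port", "destination-port"}

SAMPLE_RULES = [  # constructed input, not taken from the manual
    "rule 0 permit tcp destination-port eq 443",
    "rule 5 deny tcp source-port neq 22",
    "rule 10 permit udp destination-port range 5000 5100",
    "rule 15 deny tcp destination-port gt 1023 logging",
    "rule 20 comment block logging hosts",
]

def lint_rule(line, direction):
    """Return the problems found in one 'rule ...' line for a policy direction."""
    bad_ops = BAD_OPERATORS[direction]  # KeyError on an unknown direction
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "rule":
        return []  # not a rule line
    if len(tokens) > 2 and tokens[2] == "comment":
        return []  # 'rule rule-id comment text' is free text, not match criteria
    problems = []
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok == "time-range":
            i += 2  # skip the time-range name so it is not read as a keyword
        elif tok in PORT_KEYWORDS and i + 1 < len(tokens):
            if tokens[i + 1] in bad_ops:
                problems.append(f"{tok} operator '{tokens[i + 1]}' not allowed {direction}")
            i += 2
        else:
            if tok in BAD_KEYWORDS:
                problems.append(f"keyword '{tok}' not supported")
            i += 1
    return problems

def lint_acl(lines, direction):
    """Map each offending rule line to its list of problems."""
    return {ln: p for ln in lines if (p := lint_rule(ln, direction))}

if __name__ == "__main__":
    for direction in BAD_OPERATORS:
        for rule, problems in lint_acl(SAMPLE_RULES, direction).items():
            print(f"[{direction}] {rule}: {'; '.join(problems)}")
```

Run it over the rule lines of an ACL once per direction in which the QoS policy will be applied; an empty result means none of the listed restrictions is violated.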
Configuring an Ethernet Frame Header ACL
Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol
header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.