Configuring an ethernet frame header acl, Copying an acl – H3C Technologies H3C S6300 Series Switches User Manual

Configuring an Ethernet frame header ACL
Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
To configure an Ethernet frame header ACL:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an Ethernet frame header ACL and enter its view.
  Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
  Remarks: By default, no ACL exists. Ethernet frame header ACLs are numbered in the range of 4000 to 4999. You can use the acl name acl-name command to enter the view of a named ACL.

Step 3. (Optional.) Configure a description for the Ethernet frame header ACL.
  Command: description text
  Remarks: By default, an Ethernet frame header ACL has no ACL description.

Step 4. (Optional.) Set the rule numbering step.
  Command: step step-value
  Remarks: The default setting is 5.

Step 5. Create or edit a rule.
  Command: rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-address dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address source-mask | time-range time-range-name ] *
  Remarks: By default, an Ethernet frame header ACL does not contain any rule. If an Ethernet frame header ACL is used for packet filtering or QoS traffic classification and the lsap keyword is used, the lsap-type argument value must be AAAA, and the lsap-type-mask argument value must be FFFF. Otherwise, the ACL does not take effect.

Step 6. (Optional.) Add or edit a rule comment.
  Command: rule rule-id comment text
  Remarks: By default, no rule comments are configured.
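
The following is an added example, not part of the H3C manual: a small Python linter that reads a draft configuration and flags rules that break the two constraints stated in the procedure above (the 4000 to 4999 number range and the AAAA/FFFF requirement for the lsap keyword). The function name, finding labels and sample configuration are constructed for illustration, and the linter assumes every ACL is used for packet filtering or QoS traffic classification.

```python
import re

# Constructed sample configuration (MAC addresses and ACL name are made up).
SAMPLE = """\
acl number 4000 name L2-FILTER
 description Constructed example
 rule 0 permit source-mac 0011-2233-4455 ffff-ffff-ffff
 rule 5 deny lsap aaaa ffff
 rule 10 deny lsap 0042 ffff
acl number 5000
 rule 0 deny source-mac 0011-2233-4455 ffff-ffff-ffff
"""

ACL_RE = re.compile(r"^acl number (\d+)", re.I)
# "rule N comment text" lines do not match: deny or permit is required.
RULE_RE = re.compile(r"^rule\s+(?:\d+\s+)?(?:deny|permit)\b(.*)$", re.I)
LSAP_RE = re.compile(r"\blsap\s+(\S+)\s+(\S+)", re.I)
L2_KEYWORD_RE = re.compile(r"\b(?:source-mac|dest-mac|lsap)\b", re.I)


def lint(config):
    """Return (line number, finding) pairs for Layer 2 ACL rule problems."""
    findings = []
    acl_number = None
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        acl = ACL_RE.match(line)
        if acl:
            acl_number = int(acl.group(1))
            continue
        rule = RULE_RE.match(line)
        if rule is None or acl_number is None:
            continue
        body = rule.group(1)
        # Ethernet frame header ACLs are numbered 4000 to 4999.
        if L2_KEYWORD_RE.search(body) and not 4000 <= acl_number <= 4999:
            findings.append((lineno, "l2-match-outside-4000-4999"))
        # With lsap, the type must be AAAA and the mask FFFF, or the ACL
        # does not take effect (assumes filtering or QoS classification use).
        lsap = LSAP_RE.search(body)
        if lsap and (lsap.group(1).lower(), lsap.group(2).lower()) != ("aaaa", "ffff"):
            findings.append((lineno, "lsap-not-aaaa-ffff"))
    return findings


if __name__ == "__main__":
    for lineno, finding in lint(SAMPLE):
        print(f"line {lineno}: {finding}")
```

The lsap finding matters most in review because the manual describes that mistake as an ACL that does not take effect, so a filter the operator believes is in place is not matching anything.
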
Copying an ACL
You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure:
• The destination ACL number is from the same category as the source ACL number.
• The source ACL already exists, but the destination ACL does not.
To copy an ACL: