Configuring an ethernet frame header acl – H3C Technologies H3C S5120 Series Switches User Manual
Page 534
1-8
z
When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
z
You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]
match-order { auto | config } command, but only when the ACL does not contain any rules.
z
The rule specified in the rule comment command must already exist.
Configuring an Ethernet Frame Header ACL
Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol
header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
Follow these steps to configure an Ethernet frame header ACL:
To do…
Use the command…
Remarks
Enter system view
system-view ––
Create an Ethernet frame header
ACL and enter its view
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
Required
By default, no ACL exists.
Ethernet frame header ACLs are
numbered in the range 4000 to
4999..
You can use the acl name
acl-name command to enter the
view of an existing named Ethernet
frame header ACL.
Configure a description for the
Ethernet frame header ACL
description text
Optional
By default, an Ethernet frame
header ACL has no ACL
description.
Set the rule numbering step
step step-value
Optional
5 by default.
Create or edit a rule
rule [ rule-id ] { deny | permit }
[ cos vlan-pri | dest-mac dest-addr
dest-mask | { lsap lsap-type
lsap-type-mask | type
protocol-type protocol-type-mask }
| source-mac sour-addr
source-mask | time-range
time-range-name ] *
Required
By default
,
an Ethernet frame
header ACL does not contain any
rule.
To create or edit multiple rules,
repeat this step.
Configure or edit a rule description rule rule-id comment text
Optional
By default, an Ethernet frame
header ACL rule has no rule
description.
Note that: