5 layer 2 acl configuration, 1 configuration preparation, 2 configuration procedure – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – ACL

H3C S3100-52P Ethernet Switch

Chapter 1 ACL Configuration

1-12

1.5 Layer 2 ACL Configuration

Layer 2 ACLs filter packets according to their Layer 2 information, such as the source
and destination MAC addresses, VLAN priority, and Layer 2 protocol types.
A Layer 2 ACL can be numbered from 4000 to 4999.

1.5.1 Configuration Preparation

To configure a time range-based Layer 2 ACL rule, you need to create the
corresponding time ranges first. For information about time range configuration, refer to
section 1.2 “Time Range Configuration”.
The settings to be specified in the rule, such as source and destination MAC addresses,
VLAN priorities, and Layer 2 protocol types, are determined.

1.5.2 Configuration Procedure

Table 1-11

Define a Layer 2 ACL rule

Operation

Command

Description

Enter system view

system-view

—

Create a Layer 2 ACL or

enter layer 2 ACL view

acl number

acl-number

Required

Define an ACL rule

rule

[ rule-id ] { permit |

deny

} rule-string

Required

Assign a description string

to the ACL rule

rule

rule-id comment text

Optional

Assign a description string

to the ACL

description

text

Optional

Display the information

about an ACL or all the

ACLs.

display

acl { all |

acl-number

}

Optional
This command can be

executed in any view.

The rule-string argument of the rule command can be a combination of the
arguments/keywords described in Table 1-12.

Table 1-12

Layer 2 ACL rule information

Parameter

Type

Function

Description

format-type

Link layer

encapsulation

type

Specifies the

link layer

encapsulation

type for the

ACL rule

This argument can be

802.3/802.2, 802.3, ether_ii,

or snap.