3 configuration example, 6 user-defined acl configuration, 3 configuration example -14 – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – ACL

H3C S3100-52P Ethernet Switch

Chapter 1 ACL Configuration

1-14

Keyword

CoS in decimal

CoS in binary

excellent-effort

3 011

controlled-load

4 100

video

5 101

voice

6 110

network-management

7 111

When you define an ACL rule using the rule command with the rule-id argument
provided,

z

If the ACL rule identified by the rule-id argument already exists, the settings
specified in the rule command overwrite the corresponding settings of the existing
rule. And the existing settings remain unchanged if the corresponding settings are
not specified in the command.

z

If the ACL rule identified by the rule-id argument does not exist, you will create a
new rule.

z

The content of a modified or created rule cannot be identical with the content of
any existing rules; otherwise the rule modification or creation will fail, and the
system prompts that the rule already exists.

If you do not specify the rule-id argument when creating an ACL rule, the rule will be
numbered automatically.

1.5.3 Configuration Example

# Configure ACL 4000 to deny packets sourced from the MAC address 000d-88f5-97ed,
destined for the MAC address 0011-4301-991e, and with their 802.1p priority being 3.

system-view

[H3C] acl number 4000

[H3C-acl-ethernetframe-4000] rule deny cos 3 source 000d-88f5-97ed

ffff-ffff-ffff dest 0011-4301-991e ffff-ffff-ffff

[H3C-acl-ethernetframe-4000] display acl 4000

Ethernet frame ACL 4000, 1 rule

Acl's step is 1

rule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff dest

0011-4301-991e ffff-ffff-ffff

1.6 User-Defined ACL Configuration

A user-defined ACL filters packets by comparing specific bytes in packet headers with
specified string.
A user-defined ACL can be numbered from 5000 to 5999.