beautypg.com

Configuring an ethernet frame header acl, Copying an acl, Copying an ipv4 acl – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 15

background image

8

Configuring an Ethernet frame header ACL

Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol

header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),

and link layer protocol type.
Follow these steps to configure an Ethernet frame header ACL:

To do…

Use the command…

Remarks

Enter system view

system-view ––

Create an Ethernet frame header
ACL and enter its view

acl number acl-number [ name

acl-name ] [ match-order { auto |
config } ]

Required
By default, no ACL exists.
Ethernet frame header ACLs are
numbered in the range 4000 to

4999.
You can use the acl name acl-name
command to enter the view of a

named Ethernet frame header
ACL.

Configure a description for the
Ethernet frame header ACL

description text

Optional
By default, an Ethernet frame
header ACL has no ACL

description.

Set the rule numbering step

step step-value

Optional
5 by default.

Create or edit a rule

rule [ rule-id ] { deny | permit } [ cos
vlan-pri | dest-mac dest-addr

dest-mask | { lsap lsap-type

lsap-type-mask | type protocol-type
protocol-type-mask } | source-mac

sour-addr source-mask |

time-range time-range-name ] *

Required
By default

,

an Ethernet frame

header ACL does not contain any
rule.
The lsap keyword is not supported
when the ACL is for QoS traffic

classification.

Add or edit a rule comment

rule rule-id comment text

Optional
By default, an Ethernet frame

header ACL rule has no rule
description.

Copying an ACL

You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure that:

The destination ACL number is from the same category as the source ACL number.

The source ACL already exists but the destination ACL does not.

Copying an IPv4 ACL

Follow these steps to copy an IPv4 ACL:

See also other documents in the category H3C Technologies Routers: