
Configuration examples, Configuring an ethernet frame header acl, Configuration prerequisites – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 413: Configuration procedure, 5 configuration procedure


• You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command, but only when the ACL does not contain any rules.

• The rule specified in the rule comment command must already exist.

Configuration Examples

# Create IPv4 ACL 3000, permitting TCP packets with port number 80 sent from 129.9.0.0 to
202.38.160.0 to pass.

<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80

# Verify the configuration.

[Sysname-acl-adv-3000] display acl 3000
Advanced ACL 3000, named -none-, 1 rule,
ACL's step is 5
 rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www
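
The following added example (not part of the H3C manual) parses the rule line from the display acl 3000 output above and evaluates it against constructed packets, showing how the wildcard masks and the www port keyword are interpreted. It is written in Python; the function names and sample packets are assumptions made for the illustration, and a packet that does not match returns None because this page does not state what the device does with unmatched traffic.

```python
import ipaddress
import re

PORT_NAMES = {"www": 80}  # keyword the device prints for port 80 (from the page)
RULE_RE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny) (?P<proto>\S+)"
    r" source (?P<src>\S+) (?P<src_wc>\S+)"
    r" destination (?P<dst>\S+) (?P<dst_wc>\S+)"
    r" destination-port eq (?P<port>\S+)")

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_rule(text):
    """Parse a rule as printed by display acl, even when wrapped over lines."""
    m = RULE_RE.search(" ".join(text.split()))
    if m is None:
        raise ValueError("unsupported rule syntax: %r" % text)
    f = m.groupdict()
    port = int(f["port"]) if f["port"].isdigit() else PORT_NAMES[f["port"]]
    return {"id": int(f["id"]), "action": f["action"], "proto": f["proto"],
            "src": (ip(f["src"]), ip(f["src_wc"])),
            "dst": (ip(f["dst"]), ip(f["dst_wc"])), "port": port}

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: 0 bits must equal the rule address, 1 bits are ignored."""
    care = ~wildcard & 0xFFFFFFFF
    return (ip(addr) & care) == (base & care)

def evaluate(rule, proto, src, dst, dport):
    """Return the rule's action if the packet matches it, else None."""
    hit = (proto == rule["proto"] and dport == rule["port"] and
           wildcard_match(src, *rule["src"]) and wildcard_match(dst, *rule["dst"]))
    return rule["action"] if hit else None

# Rule text as it appears in the display acl 3000 output above (wrapped).
RULE = parse_rule("""rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255
 destination-port eq www""")

# Constructed packets: (protocol, source, destination, destination port)
PACKETS = [
    ("tcp", "129.9.44.7", "202.38.160.20", 80),   # inside both ranges
    ("tcp", "129.10.0.1", "202.38.160.20", 80),   # source outside 129.9.x.x
    ("tcp", "129.9.44.7", "202.38.161.20", 80),   # destination outside 202.38.160.x
    ("tcp", "129.9.44.7", "202.38.160.20", 443),  # different port
]

for pkt in PACKETS:
    print(pkt, "->", evaluate(RULE, *pkt))
```
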

Configuring an Ethernet Frame Header ACL

Ethernet frame header ACLs filter packets based on Layer 2 protocol header fields such as source MAC
address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type. They
are numbered in the range 4000 to 4999.

Configuration Prerequisites

If you want to reference a time range in a rule, define it with the time-range command first.

Configuration Procedure

Follow these steps to configure an Ethernet frame header ACL:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | –– |
| Create and enter Ethernet frame header ACL view | acl number acl-number [ name acl-name ] [ match-order { auto \| config } ] | Required. The default match order is config. If you specify a name for an IPv4 ACL when creating the ACL, you can use the acl name acl-name command to enter the view of the ACL later. |