Configuring layer 2 acl – H3C Technologies H3C WX3000 Series Unified Switches User Manual
• If the ACL is created with the auto keyword specified, newly created rules are inserted among the
existing ones according to the depth-first principle, and the numbers of the existing rules remain unchanged.
Configuration Example
# Configure ACL 3000 to permit the TCP packets sourced from the network 129.9.0.0/16 and destined
for the network 202.38.160.0/24 and with the destination port number being 80.
[device] acl number 3000
[device-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
# Display the configuration information of ACL 3000.
[device-acl-adv-3000] display acl 3000
Advanced ACL 3000, 1 rule
Acl's step is 1
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www
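The following added example (not part of the H3C manual) parses rule 0 exactly as "display acl 3000" prints it and checks constructed packets against it, to show how the wildcard masks 0.0.255.255 and 0.0.0.255 and the "www" port keyword are interpreted. The function names and sample packets are assumptions made for illustration, and the parser covers only the rule form shown on this page.

```python
import ipaddress

# Port keywords as shown by "display acl"; only the one on this page is mapped.
PORT_NAMES = {"www": 80}

def parse_rule(text):
    """Parse 'rule N permit|deny tcp source A W destination A W destination-port eq P'."""
    tok = text.split()
    rule = {"id": int(tok[1]), "action": tok[2], "protocol": tok[3]}
    i = 4
    while i < len(tok):
        if tok[i] in ("source", "destination"):
            addr = int(ipaddress.IPv4Address(tok[i + 1]))
            wildcard = int(ipaddress.IPv4Address(tok[i + 2]))
            rule[tok[i]] = (addr, wildcard)
            i += 3
        elif tok[i] == "destination-port" and tok[i + 1] == "eq":
            port = tok[i + 2]
            rule["dport"] = PORT_NAMES[port] if port in PORT_NAMES else int(port)
            i += 3
        else:
            raise ValueError("unsupported token: " + tok[i])
    return rule

def ip_matches(ip, addr, wildcard):
    # Wildcard bits set to 1 are ignored; bits set to 0 must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(rule, protocol, src, dst, dport):
    """Return the rule's action if the packet matches, else None (no match)."""
    if protocol != rule["protocol"]:
        return None
    if "source" in rule and not ip_matches(src, *rule["source"]):
        return None
    if "destination" in rule and not ip_matches(dst, *rule["destination"]):
        return None
    if "dport" in rule and dport != rule["dport"]:
        return None
    return rule["action"]

RULE_0 = parse_rule("rule 0 permit tcp source 129.9.0.0 0.0.255.255 "
                    "destination 202.38.160.0 0.0.0.255 destination-port eq www")

# Constructed sample packets: (protocol, source, destination, destination port)
SAMPLES = [("tcp", "129.9.44.7", "202.38.160.20", 80),
           ("tcp", "129.10.0.1", "202.38.160.20", 80),
           ("tcp", "129.9.44.7", "202.38.161.20", 80),
           ("tcp", "129.9.44.7", "202.38.160.20", 443),
           ("udp", "129.9.44.7", "202.38.160.20", 80)]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(RULE_0, *pkt))
```

A result of None means only that this rule did not match; how an unmatched packet is handled depends on where the ACL is applied.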
Configuring Layer 2 ACL
Layer 2 ACLs filter packets according to their Layer 2 information, such as the source and destination
MAC addresses, VLAN priority, and Layer 2 protocol types.
A Layer 2 ACL can be numbered from 4000 to 4999.
Configuration Prerequisites
• To configure a time range-based Layer 2 ACL rule, you need to create the corresponding time
ranges first. For information about time range configuration, refer to
• The settings to be specified in the rule, such as source and destination MAC addresses, VLAN
priorities, and Layer 2 protocol types, are determined.
Configuration Procedure
Follow these steps to define a Layer 2 ACL rule:
To do…                                            Use the command…                                 Remarks
Enter system view                                 system-view                                      —
Create a Layer 2 ACL and enter Layer 2 ACL view   acl number acl-number                            Required
Define an ACL rule                                rule [ rule-id ] { permit | deny } rule-string   Required. For information about rule-string, refer to ACL in H3C WX3000 Series Unified Switches Switching Engine Command Reference.
Assign a description string to the ACL rule       rule rule-id comment text                        Optional. No description by default
Assign a description string to the ACL            description text                                 Optional. No description by default