Configuring an Ethernet frame header ACL – H3C Technologies H3C SecBlade NetStream Cards User Manual
To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | tos tos ] *
Remarks: Required. By default, an IPv4 advanced ACL does not contain any rule.

To do: Configure or edit a rule description
Use the command: rule rule-id comment text
Remarks: Optional. By default, an IPv4 advanced ACL rule has no rule description.

Configuring an Ethernet frame header ACL
Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
Follow these steps to configure an Ethernet frame header ACL:

To do: Enter system view
Use the command: system-view
Remarks: ––

To do: Create an Ethernet frame header ACL and enter its view
Use the command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. Ethernet frame header ACLs are numbered in the range 4000 to 4999. You can use the acl name acl-name command to enter the view of a named Ethernet frame header ACL.

To do: Configure a description for the Ethernet frame header ACL
Use the command: description text
Remarks: Optional. By default, an Ethernet frame header ACL has no ACL description.

To do: Set the rule numbering step
Use the command: step step-value
Remarks: Optional. 5 by default.

To do: Create or edit a rule
Use the command: rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-addr dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac sour-addr source-mask | time-range time-range-name ] *
Remarks: Required. By default, an Ethernet frame header ACL does not contain any rule.
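
A worked configuration that follows the steps above, added here as an example and not taken from the H3C manual. The ACL number, description text, MAC addresses, masks and protocol-type values are constructed, and their notation (H-H-H MAC addresses, hexadecimal type and mask) is an assumption; lines beginning with # are annotations, not commands.

```text
# Constructed example: all values below are placeholders chosen for illustration.
# Enter system view.
system-view

# Create Ethernet frame header ACL 4000 (range 4000 to 4999) and enter its view.
# match-order config is one of the two options in the command syntax.
acl number 4000 match-order config

# Optional: describe the ACL and set the rule numbering step (5 is the default).
description Permit known hosts, drop other Layer 2 traffic
step 5

# Permit IPv4 frames (type 0800) from source MACs matching the constructed
# prefix 0011-22xx-xxxx. The mask ffff-ff00-0000 compares only the first 24 bits.
rule 0 permit type 0800 ffff source-mac 0011-2200-0000 ffff-ff00-0000

# Permit ARP frames (type 0806) from the same source MAC prefix.
rule 5 permit type 0806 ffff source-mac 0011-2200-0000 ffff-ff00-0000

# Deny every other frame. With no match criteria the rule matches all frames;
# counting is the keyword from the rule syntax above.
rule 10 deny counting
```

An explicit final deny rule with counting makes dropped Layer 2 traffic visible in the rule's match statistics instead of relying on whatever default action applies where the ACL is used.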