Configuring an ethernet frame header acl – H3C Technologies H3C S12500 Series Switches User Manual

Configuring an Ethernet frame header ACL

Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type.

To configure an Ethernet frame header ACL:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create an Ethernet frame header ACL and enter its view.
    Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
    Remarks: By default, no ACL exists.
             Ethernet frame header ACLs are numbered in the range 4000 to 4999.
             You can use the acl name acl-name command to enter the view of a named Ethernet frame header ACL.

Step 3. Configure a description for the Ethernet frame header ACL.
    Command: description text
    Remarks: Optional.
             By default, an Ethernet frame header ACL has no ACL description.

Step 4. Set the rule numbering step.
    Command: step step-value
    Remarks: Optional.
             The default setting is 5.

Step 5. Create or edit a rule.
    Command: rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-addr dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac sour-addr source-mask | time-range time-range-name ] *
    Remarks: By default, an Ethernet frame header ACL does not contain any rule.
             The lsap keyword is not supported in the current software version, and is reserved for future support.
             When the EB or EC2 cards are operating in standard ACL mode, the cards do not support the value 0x86DD 0xFFFF, which matches IPv6 packets, for the protocol-type protocol-type-mask argument.

Step 6. Add or edit a rule comment.
    Command: rule rule-id comment text
    Remarks: Optional.
             By default, an Ethernet frame header ACL rule has no rule description.

Step 7. Add or edit a rule range remark.
    Command: rule [ rule-id ] remark text
    Remarks: Optional.
             By default, no rule range remarks are configured.

Step 8. Enable rule match counting for the Ethernet frame header ACL.
    Command: hardware-count enable
    Remarks: Optional.
             By default, rule matching counting is disabled.
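A worked run through steps 1 to 8, added here as an example; it is not taken from the H3C manual. The ACL number, ACL name, MAC addresses and text strings are constructed, and the example assumes that hexadecimal type values are entered without the 0x prefix and that mask bits set to 1 are the bits compared (as 0xFFFF is for the type mask above). Lines beginning with # are annotations, not commands.

```text
# 1. Enter system view.
system-view

# 2. Create Layer 2 ACL 4000 (valid range 4000 to 4999) with a name,
#    using the config match order from the command syntax.
acl number 4000 name l2-edge match-order config

# 3. Record the intent so the ACL can be audited later.
description Permit IPv4 and ARP from lab hosts and count everything else

# 4. Keep the default numbering step explicit.
step 5

# 5. Rules. EtherType 0800 is IPv4 and 0806 is ARP; type mask ffff compares
#    all 16 bits. The MAC mask ffff-ff00-0000 compares the first three
#    bytes only (assumed mask semantics, constructed address).
rule 0 permit type 0800 ffff source-mac 0200-0000-0000 ffff-ff00-0000
rule 5 permit type 0806 ffff source-mac 0200-0000-0000 ffff-ff00-0000
#    Catch-all deny with the counting keyword. No IPv6 permit is added:
#    86dd ffff is not supported on EB or EC2 cards in standard ACL mode.
rule 100 deny counting

# 6. Comment on the catch-all rule.
rule 100 comment Unexpected Layer 2 traffic - review the counter

# 7. Range remark marking where the permitted traffic starts.
rule 0 remark Start of permitted lab host traffic

# 8. Enable rule match counting for the whole ACL.
hardware-count enable
```

Creating the ACL does not filter anything by itself; it takes effect only where another feature references ACL 4000, which this page does not cover.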
