H3C Technologies H3C S7500E Series Switches User Manual

1-13

Follow these steps to configure an Ethernet frame header ACL:

To do…

Use the command…

Remarks

Enter system view

system-view ––

Create an Ethernet frame header

ACL and enter its view

acl number acl-number [ name

acl-name ] [ match-order { auto |

config } ]

Required

By default, no ACL exists.

Ethernet frame header ACLs are

numbered in the range 4000 to

4999..

You can use the acl name

acl-name command to enter the

view of an existing named

Ethernet frame header ACL.

Configure a description for the

Ethernet frame header ACL

description text

Optional

By default, an Ethernet frame

header ACL has no ACL

description.

Set the rule numbering step

step step-value

Optional

5 by default.

Create or edit a rule

rule [ rule-id ] { deny | permit }

[ cos vlan-pri | dest-mac

dest-addr dest-mask | lsap

lsap-code lsap-wildcard |

source-mac sour-addr

source-mask | time-range

time-range-name | type type-code

type-wildcard ]*

Required

By default

,

an Ethernet frame

header ACL does not contain any

rule.

To create or edit multiple rules,

repeat this step.

Note that the lsap keyword is not

supported if the ACL is to be

referenced by a QoS policy for

traffic classification.

Configure or edit a rule description rule rule-id comment text

Optional

By default, an Ethernet frame

header ACL rule has no rule

description.

Note that:

z

You can only modify the existing rules of an ACL that uses the match order of config. When

modifying a rule of such an ACL, you may choose to change just some of the settings, in which

case the other settings remain the same.

z

You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an

existing rule in the ACL.