Configuring an ethernet frame header acl, Configuring a user-defined acl – H3C Technologies H3C SR8800 User Manual
Page 19
10
NOTE:
When configuring IPv6 advanced ACLs for a QoS policy that is to be applied to an SPC card, you must set
the ACL rule length limit to 80 bytes. For more information about the ACL rule length limit, see
ACL and
QoS Command Reference.
Configuring an Ethernet frame header ACL
Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
To configure an Ethernet frame header ACL:
Step
Command
Remarks
1.
Enter system view.
system-view N/A
2.
Create an Ethernet frame
header ACL and enter its
view.
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
By default, no ACL exists.
Ethernet frame header ACLs are
numbered in the range 4000 to
4999.
You can use the acl name acl-name
command to enter the view of a
named Ethernet frame header
ACL.
3.
Configure a description for
the Ethernet frame header
ACL.
description text
Optional.
By default, an Ethernet frame
header ACL has no ACL
description.
4.
Set the rule numbering step.
step step-value
Optional.
The default setting is 5.
5.
Create or edit a rule.
rule [ rule-id ] { deny | permit } [ cos
vlan-pri | counting | dest-mac
dest-addr dest-mask | { lsap
lsap-type lsap-type-mask | type
protocol-type protocol-type-mask }
| source-mac sour-addr
source-mask | time-range
time-range-name ] *
By default
,
an Ethernet frame
header ACL does not contain any
rule.
To create or edit multiple rules,
repeat this step.
6.
Configure or edit a rule
description.
rule rule-id comment text
Optional.
By default, an Ethernet frame
header ACL rule has no rule
description.
7.
Enable rule match counting
for the Ethernet frame header
ACL.
hardware-count enable
Optional.
By default, rule match counting is
disabled.
Configuring a user-defined ACL