Configuring an Ethernet frame header ACL – H3C Technologies H3C SecBlade NetStream Cards User Manual


To do…: Create or edit a rule
Use the command…: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | tos tos ] *
Remarks: Required. By default, an IPv4 advanced ACL does not contain any rule.

To do…: Configure or edit a rule description
Use the command…: rule rule-id comment text
Remarks: Optional. By default, an IPv4 advanced ACL rule has no rule description.

Configuring an Ethernet frame header ACL

Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type.

Follow these steps to configure an Ethernet frame header ACL:

To do…: Enter system view
Use the command…: system-view
Remarks: ––

To do…: Create an Ethernet frame header ACL and enter its view
Use the command…: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
Remarks: Required. By default, no ACL exists. Ethernet frame header ACLs are numbered in the range 4000 to 4999. You can use the acl name acl-name command to enter the view of a named Ethernet frame header ACL.

To do…: Configure a description for the Ethernet frame header ACL
Use the command…: description text
Remarks: Optional. By default, an Ethernet frame header ACL has no ACL description.

To do…: Set the rule numbering step
Use the command…: step step-value
Remarks: Optional. 5 by default.

To do…: Create or edit a rule
Use the command…: rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-addr dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac sour-addr source-mask | time-range time-range-name ] *
Remarks: Required. By default, an Ethernet frame header ACL does not contain any rule.
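
How rules written in the syntax above select frames, as an added Python example that is not taken from the H3C manual: it parses a subset of the rule criteria (cos, source-mac, dest-mac, type) and evaluates constructed frames against them. It assumes that mask bits set to 1 are compared and that rules are checked in ascending rule-id order (match-order config); the ACL contents, MAC addresses and helper names are constructed for illustration.

```python
# Added example (not from the H3C manual): evaluates a subset of the
# Layer 2 ACL rule syntax (cos, source-mac, dest-mac, type).
# Assumed semantics: mask bits set to 1 are compared; rules are checked
# in ascending rule-id order (match-order config).

def mac_to_int(mac):
    """Convert an H-H-H address or mask such as 0011-2233-4455 to an int."""
    return int(mac.replace("-", ""), 16)

def parse_rule(line):
    """Parse 'rule <id> {deny|permit} [criteria ...]' into a dict."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "rule" or tok[2] not in ("deny", "permit"):
        raise ValueError("unsupported rule: " + line)
    rule = {"id": int(tok[1]), "action": tok[2], "match": []}
    i = 3
    while i < len(tok):
        key = tok[i]
        if key == "cos":                         # 802.1p priority, 0 to 7
            rule["match"].append((key, int(tok[i + 1]), 0x7))
            i += 2
        elif key in ("source-mac", "dest-mac"):  # address, then mask
            rule["match"].append((key, mac_to_int(tok[i + 1]), mac_to_int(tok[i + 2])))
            i += 3
        elif key == "type":                      # 16-bit hex type, then mask
            rule["match"].append((key, int(tok[i + 1], 16), int(tok[i + 2], 16)))
            i += 3
        else:
            raise ValueError("unsupported criterion: " + key)
    return rule

def evaluate(rules, frame):
    """Return (rule-id, action) of the first matching rule, or None."""
    for rule in sorted(rules, key=lambda r: r["id"]):
        if all((frame[f] & m) == (v & m) for f, v, m in rule["match"]):
            return rule["id"], rule["action"]
    return None  # no rule matched; the outcome depends on what applies the ACL

def make_frame(src, dst, eth_type, cos=0):
    """Build a constructed frame record for evaluate()."""
    return {"source-mac": mac_to_int(src), "dest-mac": mac_to_int(dst),
            "type": eth_type, "cos": cos}

# Constructed contents for an ACL numbered 4000, default numbering step of 5.
ACL_4000 = [parse_rule(text) for text in (
    "rule 0 deny source-mac 0011-2233-4400 ffff-ffff-ff00",
    "rule 5 permit type 0806 ffff",
    "rule 10 deny cos 5 dest-mac 0100-5e00-0000 ffff-ff80-0000",
)]
```

Under these assumptions, a type 0806 frame from 0011-2233-44ab is denied by rule 0 before rule 5 is reached, so the rule IDs produced by the numbering step decide which action applies when criteria overlap.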
