Configuring a Layer 2 ACL - Huawei Quidway S9300 Configuration Manual

Terabit routing switch

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 06 (2010–01–08)

- auto: indicates that ACL rules are matched on the basis of the depth-first principle.
- config: indicates that ACL rules are matched on the basis of the configuration order.

If match-order is not used, the match order is config.

Step 3 Run the following command as required:
- When protocol is specified as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), run:
  rule [ rule-id ] { deny | permit } { tcp | udp } [ destination { destination-address destination-wildcard | any } | destination-port eq port | dscp dscp | fragment | precedence precedence | source { source-address source-wildcard | any } | source-port eq port | time-range time-name | tos tos ]
  An ACL rule is created.
- When protocol is specified as ICMP, run:
  rule [ rule-id ] { deny | permit } icmp [ destination { destination-address destination-wildcard | any } | fragment | icmp-type { icmp-name | icmp-type icmp-code } | precedence precedence | source { source-address source-wildcard | any } | time-range time-name ]
  An ACL rule is created.
- When protocol is specified as a protocol other than TCP, UDP, or ICMP, run:
  rule [ rule-id ] { deny | permit } { protocol-number | gre | igmp | ip | ipinip | ospf } [ destination { destination-address destination-wildcard | any } | dscp dscp | fragment | precedence precedence | source { source-address source-wildcard | any } | time-range time-name | tos tos ]
  An ACL rule is created.

NOTE
dscp dscp and precedence precedence cannot be specified at the same time.

You can configure different advanced ACLs on the S9300 according to the protocol carried by IP. Different parameter combinations are available for different protocol types.
----End

11.3.7 Configuring a Layer 2 ACL

Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { auto | config } ]
A Layer 2 ACL is created.
For a Layer 2 ACL, the value of acl-number ranges from 4000 to 4999.
match-order indicates the match order of ACL rules.
- auto: indicates that ACL rules are matched on the basis of the depth-first principle.
- config: indicates that ACL rules are matched on the basis of the configuration order.
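
The effect of match-order on two overlapping rules, as an added example that is not part of the Huawei manual: a small Python model of first-match evaluation using the tcp rule fields from the advanced-ACL syntax on this page. It assumes a simplified depth-first key for auto (narrower source wildcard, then destination wildcard, then port, then rule-id), which may differ from the switch's exact tie-breaking; the names Rule, depth and evaluate and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")  # "any": every wildcard bit is set

def ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp" or "udp"
    source: tuple = ANY           # (address, wildcard); a wildcard 1-bit is ignored
    destination: tuple = ANY
    dport: Optional[int] = None   # models "destination-port eq port"

    def matches(self, pkt: dict) -> bool:
        def hit(field, addr):
            return ((ip(addr) ^ ip(field[0])) & ~ip(field[1]) & 0xFFFFFFFF) == 0
        return (self.proto == pkt["proto"]
                and hit(self.source, pkt["src"])
                and hit(self.destination, pkt["dst"])
                and self.dport in (None, pkt["dport"]))

def depth(rule: Rule) -> tuple:
    # Assumed, simplified depth-first key: fewer wildcard bits = narrower = earlier.
    bits = lambda f: bin(ip(f[1])).count("1")
    return (bits(rule.source), bits(rule.destination), rule.dport is None, rule.rule_id)

def evaluate(rules, pkt, match_order="config"):
    """Return (rule_id, action) of the first matching rule, or None if none match."""
    ordered = sorted(rules, key=depth) if match_order == "auto" else list(rules)
    for r in ordered:
        if r.matches(pkt):
            return r.rule_id, r.action
    return None

# Constructed rules, listed in the order they were entered (config order).
RULES = [
    Rule(5, "deny", "tcp", dport=22),                                       # broad
    Rule(10, "permit", "tcp", source=("10.1.1.0", "0.0.0.255"), dport=22),  # narrow
]
ADMIN_SSH = {"proto": "tcp", "src": "10.1.1.7", "dst": "192.0.2.10", "dport": 22}
OTHER_SSH = {"proto": "tcp", "src": "10.9.9.9", "dst": "192.0.2.10", "dport": 22}

if __name__ == "__main__":
    print({o: evaluate(RULES, ADMIN_SSH, o) for o in ("config", "auto")})
```

Under config the broad deny entered first shadows the narrower permit, so reviewing an ACL for shadowed rules has to take the configured match-order into account.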
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11 ACL Configuration
