Table of Contents
Advertisement
Operation Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches
Table 1-14 Defining the Layer-2 ACL
Enter Layer-2 ACL view(from system
view)
Add a sub-item to the ACL(from Layer-2
ACL view)
Delete a sub-item from the ACL(from
Layer-2 ACL view)
Delete one ACL or all the ACL(from
system view)
Layer-2 ACL can be identified with numbers ranging from 4000 to 4999.
The interface in the above command specifies the Layer-2 interface, such as the
Ethernet port of a switch.
IV. Defining the user-defined ACL
The user-defined ACL matches any bytes in the first 64 bytes of the Layer-2 data frame
with the character string defined by the user and then processes them accordingly. To
correctly use the user-defined ACL, you are required to understand the Layer-2 data
frame structure. The figure below shows the first 64 bytes of the Layer-2 data frame.
(Every letter represents a hexadecimal number and every two letters are one byte.)
Figure 1-1 The first 64 bytes of data frame
The table below lists the meaning and offset of each letter.
Operation
Huawei Technologies Proprietary
1-14
Chapter 1 ACL Configuration
Command
acl { number acl-number | name
acl-name link } [ match-order { config
| auto } ]
rule [ rule-id ] { permit | deny }
[ protocol ] [ cos vlan-pri ] [ ingress
{ { source-vlan-id | source-mac-addr
source-mac-wildcard
{
interface-name
interface-num } }* | any } ] [ egress
{ { dest-mac-addr dest-mac-wildcard |
interface
{
interface-name
interface-type interface-num } }* |
any } ] [ time-range name ]
undo rule rule-id
undo acl { number acl-number |
name acl-name | all }
|
interface
|
interface-type
|
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
