Huawei Quidway S3500 Series Operation Manual page 365

Operation Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches
PORT-PORT stands for a Layer-2 ACL rule from received ethernet port to sent
ethernet port, such as "rule 0 permit ingress interface ethernet0/1 egress interface
ethernet 0/2 time-range huawei ".
MAC-PORT stands for a Layer-2 ACL rule from source MAC address to sent
ethernet port, such as "rule 0 permit ingress 00e0-fc01-0101 1 egress interface
ethernet 0/1 time-range huawei ".
IP-IP stands for lay-3 ACL rules from source host IP address to destination host IP
address (the wildcard parameter can only be 0) , such as "rule 0 permit ip source
1.1.1.1 0 destination 2.2.2.2 0 time-range huawei".
NET-NET stands for lay-3 ACL rules from source segment IP address to destination
segment IP address (the wildcard parameter can not be 0), such as "rule 0 permit ip
source 1.1.1.1 0.0.255.255 destination 2.2.2.2 0.0.255.255 time-range huawei".
MAC-any stands for lay-2 ACL rule from source MAC address to any destination
MAC address, such as "rule 0 permit ingress 00e0-fc01-0101 1 egress any
time-range huawei", and so do any-MAC, IP-any, any-IP, NET-any and any-NET
rules.
For the MAC-MAC rule, the source and destination MAC addresses must be
configured in the same VLAN. That is, configure the same VLAN ID for the source
and destination MAC addresses in defining ACL.
For the rules of IP-any, any-IP, NET-any and any-NET, S3526 does not support
packet filtering of special protocols. You can only configure protocol type as IP (the
value of the parameter protocol in rule command can only be IP) in defining these
types of rules in S3526. Otherwise, error information will be returned when confirm
the rule.
IP-IP and MAC-MAC rules will function on the two directions, that is, user defines a
rule to filter packets from source address to destination address, the rule will also
filter the packets from the destination address to source address. For the rules of
IP-any, any-IP, NET-any, any-NET, MAC-any, any-MAC, they only function on one
direction which user defined.
For S3526, S3526 FM, S3526 FS switches, parameter icmp-type is only supported
when user defines advance ACL. ICMP packet type and code (the parameter type
code in rule command) can't be configured. Otherwise the system will prompt the
configuration is not available.
The restrictions corresponding to each QoS function describe the ACL rule available
in configuring this function. Other ACL rules will not be used in implementing this
function in S3526. Otherwise, the system will return error prompts.
Define the ACL rules to be used in it first before implementing a QoS function.
Before configure the QoS tasks, you have to define the corresponding ACL. Packet
filter function can be realized by activate the ACL.
Huawei Technologies Proprietary
2-6
Chapter 2 QoS Configuration