Configuration Prerequisites; Configuration Procedure - H3C S5120-SI Series Operation Manual

Configuration Prerequisites

If you want to reference a time range in a rule, define it with the time-range command first.

Configuration Procedure

Follow these steps to configure an Ethernet frame header ACL:
To do...
Enter system view
Create an Ethernet frame
header ACL and enter its view
Create or modify a rule
Set the rule numbering step
Configure a description for the
Ethernet frame header ACL
Configure a rule description
Note that:
You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
When the ACL match order is auto, a newly created rule will be inserted among the existing rules in
the depth-first match order. Note that the IDs of the rules still remain the same.
Use the command...
system-view
acl number acl-number [ name
acl-name ] [ match-order
{ auto | config } ]
rule [ rule-id ] { deny | permit }
[ cos vlan-pri | dest-mac
dest-addr dest-mask | { lsap
lsap-type lsap-type-mask | type
protocol-type
protocol-type-mask } |
source-mac sour-addr
source-mask | time-range
time-range-name ] *
step step-value
description text
rule rule-id comment text
2-5
Remarks
––
Required
The default match order is
config.
If you specify a name for an
ACL when creating the ACL,
you can use the acl name
acl-name command to enter
the view of the ACL later.
Required
To create or modify multiple
rules, repeat this step.
Optional
5 by default
Optional
By default, an Ethernet frame
header ACL has no ACL
description.
Optional
By default, an Ethernet frame
header ACL rule has no rule
description.