Rule (For Layer 2 Acls) - H3C s3100 series Command Manual

Examples
# Create advanced ACL 3000 and define rule 1 to deny packets with the source IP address of
192.168.0.1 and DSCP priority of 46.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 1 deny ip source 192.168.0.1 0 dscp 46
[Sysname-acl-adv-3000] quit
# Create advanced ACL 3001 and define rule 1 to permit TCP packets that are sourced from network
129.9.0.0/16, destined for network 202.38.160.0/24, and using the destination port number of 80.
[Sysname] acl number 3001
[Sysname-acl-adv-3001]
202.38.160.0 0.0.0.255 destination-port eq 80
After completing the above configuration, you can use the display acl command to view the
configuration information of the ACLs.

rule (for Layer 2 ACLs)

Syntax
rule [ rule-id ] { deny | permit } [ rule-string ]
undo rule rule-id
View
Layer 2 ACL view
Parameters
rule-id: ACL rule ID, in the range of 0 to 65534.
deny: Drops the matched packets.
permit: Permits the matched packets.
rule-string: ACL rule information, which can be a combination of the arguments/keywords described in
Table 1-15.
Table 1-15 Layer 2 ACL rule information
Parameters
format-type
lsap lsap-code
lsap-wildcard
rule 1 permit tcp
Type Function
Specifies the link
Link layer
layer
encapsulation
encapsulation
type
type in the rule
Specifies the
lsap field lsap field for the
ACL rule
1-19
source 129.9.0.0 0.0.255.255
This argument can be 802.3/802.2,
802.3, ether_ii, or snap.
lsap-code: Encapsulation format of
data frames, a 16-bit hexadecimal
number.
lsap-wildcard: Mask of the lsap
value, a 16-bit hexadecimal number
used to specify the mask bits.
destination
Description