Configuring An Ethernet Frame Header Acl - HP MSR4080 Configuration Manual

Step
4. (Optional.) Set the rule
numbering step.
5. Create or edit a rule.
6. (Optional.) Add or edit a rule
comment.

Configuring an Ethernet frame header ACL

Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields, such as:
Source MAC address.
•
• Destination MAC address.
802.1p priority (VLAN priority).
•
Link layer protocol type.
•
To configure an Ethernet frame header ACL:
Step
1. Enter system view.
2. Create an Ethernet frame
header ACL and enter its
view.
Command
step step-value
rule [ rule-id ] { deny | permit }
protocol [ { { ack ack-value | fin
fin-value | psh psh-value | rst
rst-value | syn syn-value | urg
urg-value } * | established } |
counting | destination
{ dest-address dest-prefix |
dest-address/dest-prefix | any } |
destination-port operator port1
[ port2 ] | dscp dscp | flow-label
flow-label-value | fragment |
icmp6-type { icmp6-type
icmp6-code | icmp6-message } |
logging | routing [ type
routing-type ] | hop-by-hop [ type
hop-type ] | source
{ source-address source-prefix |
source-address/source-prefix |
any } | source-port operator port1
[ port2 ] | time-range
time-range-name | vpn-instance
vpn-instance-name ] *
rule rule-id comment text
Command
system-view
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
11
Remarks
The default setting is 5.
By default, IPv6 advanced ACL
does not contain any rule.
The logging keyword takes effect
only when the module (for
example, packet filtering) that uses
the ACL supports logging.
By default, no rule comments are
configured.
Remarks
N/A
By default, no ACL exists.
Ethernet frame header ACLs are
numbered in the range of 4000 to
4999.
You can use the acl name acl-name
command to enter the view of a
named ACL.