Configuring an Ethernet Frame Header ACL - H3C S7500E Series Configuration Manual

To do: Create or edit a rule
Use the command:
    rule [ rule-id ] { deny | permit } protocol
    [ { established | { ack ack-value | fin fin-value | psh psh-value |
    rst rst-value | syn syn-value | urg urg-value } * } |
    destination { dest dest-prefix | dest/dest-prefix | any } |
    destination-port operator port1 [ port2 ] | dscp dscp | fragment |
    icmpv6-type { icmpv6-type icmpv6-code | icmpv6-message } | logging |
    source { source source-prefix | source/source-prefix | any } |
    source-port operator port1 [ port2 ] | time-range time-range-name ] *
Remarks: Required.
By default, an IPv6 advanced ACL does not contain any rule.
To create or edit multiple rules, repeat this step.
Note that if the ACL is to be referenced by a QoS policy for traffic classification, the logging and fragment keywords are not supported and the operator argument cannot be:
- neq, if the policy is for the inbound traffic,
- gt, lt, neq or range, if the policy is for the outbound traffic.

To do: Configure or edit a rule description
Use the command:
    rule rule-id comment text
Remarks: Optional.
By default, an IPv6 ACL rule has no rule description.

Note that:
- You can only modify the existing rules of an ACL that uses the match order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.
- You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.
- When the ACL match order is auto, a newly created rule will be inserted among the existing rules in the depth-first match order. Note that the IDs of the rules still remain the same.
- You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ name acl6-name ] match-order { auto | config } command but only when it does not contain any rules.

Configuring an Ethernet Frame Header ACL

Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type.
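
To make the Layer 2 match fields named under "Configuring an Ethernet Frame Header ACL" concrete, the following Python example (added here, not taken from the H3C manual or device software) extracts those fields from a raw Ethernet frame and returns the first matching rule. The rule dictionaries, the mask convention (bits set to 1 are compared), the use of list order as the match order, and the sample frames are assumptions constructed for illustration.

```python
import struct

def mac(text):
    """Convert 'xxxx-xxxx-xxxx' or 'xx:xx:xx:xx:xx:xx' notation to 6 raw bytes."""
    return bytes.fromhex(text.replace("-", "").replace(":", ""))

def parse_l2(frame):
    """Extract the Layer 2 ACL match fields from a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    dot1p = None  # untagged frames carry no 802.1p priority
    if ethertype == 0x8100:  # 802.1Q tag: the real protocol type follows the TCI
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        dot1p = tci >> 13  # top 3 bits of the TCI are the 802.1p priority
    return {"dst": dst, "src": src, "dot1p": dot1p, "type": ethertype}

def mac_match(addr, want, mask):
    # Assumed convention: mask bits set to 1 are compared, 0 bits are ignored.
    return all((a & m) == (w & m) for a, w, m in zip(addr, mac(want), mac(mask)))

def evaluate(rules, frame):
    """Return (rule_id, action) of the first matching rule, or None if none match."""
    f = parse_l2(frame)
    for rule in rules:  # list order stands in for the configured match order
        ok = all(mac_match(f[k], *rule[k]) for k in ("src", "dst") if k in rule)
        ok = ok and all(f[k] == rule[k] for k in ("dot1p", "type") if k in rule)
        if ok:
            return rule["id"], rule["action"]
    return None

# Constructed sample rules in a hypothetical model (not H3C rule syntax).
RULES = [
    {"id": 0, "action": "deny", "src": ("00e0-fc00-0000", "ffff-ff00-0000"), "type": 0x0806},
    {"id": 5, "action": "permit", "dot1p": 5},
    {"id": 10, "action": "deny", "dst": ("ffff-ffff-ffff", "ffff-ffff-ffff")},
]

# Constructed sample frames: an untagged ARP broadcast, and an IPv4 frame
# tagged with VLAN 10 and 802.1p priority 5.
ARP_FRAME = mac("ffff-ffff-ffff") + mac("00e0-fc12-3456") + b"\x08\x06" + bytes(28)
TAGGED_FRAME = (mac("0011-2233-4455") + mac("0a0b-0c0d-0e0f") + b"\x81\x00"
                + struct.pack("!H", (5 << 13) | 10) + b"\x08\x00" + bytes(20))
```

The example handles a single 802.1Q tag only; for a tagged frame the link layer protocol type is read from behind the tag, so a rule on the protocol type never matches on the tag's own 0x8100 value.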
