H3C S7500E Series Configuration Manual page 23

Follow these steps to configure an Ethernet frame header ACL:
To do...
Enter system view
Create an Ethernet frame header
ACL and enter its view
Configure a description for the
Ethernet frame header ACL
Set the rule numbering step
Create or edit a rule
Configure or edit a rule description
Note that:
You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
Use the command...
system-view
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
description text
step step-value
rule [ rule-id ] { deny | permit }
[ cos vlan-pri | dest-mac
dest-addr dest-mask | lsap
lsap-code lsap-wildcard |
source-mac sour-addr
source-mask | time-range
time-range-name | type type-code
type-wildcard ]*
rule rule-id comment text
1-13
Remarks
––
Required
By default, no ACL exists.
Ethernet frame header ACLs are
numbered in the range 4000 to
4999..
You can use the acl name
acl-name command to enter the
view of an existing named
Ethernet frame header ACL.
Optional
By default, an Ethernet frame
header ACL has no ACL
description.
Optional
5 by default.
Required
,
By default an Ethernet frame
header ACL does not contain any
rule.
To create or edit multiple rules,
repeat this step.
Note that the lsap keyword is not
supported if the ACL is to be
referenced by a QoS policy for
traffic classification.
Optional
By default, an Ethernet frame
header ACL rule has no rule
description.