Configuring An Ethernet Frame Header Acl - H3C S5120-SI Series Configuration Manual

When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]
match-order { auto | config } command, but only when the ACL does not contain any rules.
The rule specified in the rule comment command must already exist.

Configuring an Ethernet Frame Header ACL

Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol
header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
Follow these steps to configure an Ethernet frame header ACL:
To do...
Enter system view
Create an Ethernet frame header
ACL and enter its view
Configure a description for the
Ethernet frame header ACL
Set the rule numbering step
Create or edit a rule
Configure or edit a rule description
Note that:
Use the command...
system-view
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
description text
step step-value
rule [ rule-id ] { deny | permit }
[ cos vlan-pri | dest-mac dest-addr
dest-mask | { lsap lsap-type
lsap-type-mask | type
protocol-type protocol-type-mask }
| source-mac sour-addr
source-mask | time-range
time-range-name ] *
rule rule-id comment text
1-8
Remarks
––
Required
By default, no ACL exists.
Ethernet frame header ACLs are
numbered in the range 4000 to
4999..
You can use the acl name
acl-name command to enter the
view of an existing named Ethernet
frame header ACL.
Optional
By default, an Ethernet frame
header ACL has no ACL
description.
Optional
5 by default.
Required
,
By default an Ethernet frame
header ACL does not contain any
rule.
To create or edit multiple rules,
repeat this step.
Optional
By default, an Ethernet frame
header ACL rule has no rule
description.