Configuring an Ethernet Frame Header ACL - HP FlexFabric 5700 series Configuration Manual

Step 5. Create or edit a rule.

Command:
rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-prefix | dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { source-address source-prefix | source-address/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name ] *

Remarks:
By default, IPv6 advanced ACL does not contain any rule.
The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging.
If an ACL is for QoS traffic classification or packet filtering:
• Do not specify the fragment keyword.
• Do not specify neq for the operator argument.
• Do not specify the routing, hop-by-hop, or flow-label keyword if the ACL is for outbound QoS traffic classification or outbound packet filtering.
• Do not specify ipv6-ah for the protocol argument, nor set its value to 0, 43, 44, 51, or 60, if the ACL is for outbound QoS traffic classification or outbound packet filtering.

Step 6. (Optional.) Add or edit a rule comment.

Command:
rule rule-id comment text

Remarks:
By default, no rule comments are configured.

NOTE:
If an ACL is to match information in the IPv6 packet payload, it can only match packets with one extension header. It cannot match packets with two or more extension headers or with the Encapsulating Security Payload Header.

Configuring an Ethernet frame header ACL

Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol header fields, such as:
• Source MAC address.
• Destination MAC address.
• 802.1p priority (VLAN priority).
• Link layer protocol type.

To configure an Ethernet frame header ACL:

Step 1. Enter system view.

Command:
system-view

Remarks:
N/A
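
The restrictions in the step 5 remarks for the IPv6 advanced ACL rule command can be checked mechanically before an ACL is used for QoS traffic classification or packet filtering. The following Python checker is an added example, not part of the HP manual; the function names and the sample rules are constructed, and it assumes one rule per line in the syntax shown for step 5.

```python
EXT_HEADER_PROTOCOLS = {0, 43, 44, 51, 60}          # values named in the remarks
OUTBOUND_KEYWORDS = ("routing", "hop-by-hop", "flow-label")
PORT_KEYWORDS = ("source-port", "destination-port")  # keywords that take an operator

def check_rule(line, outbound=False):
    """Violations of the step 5 remarks for one deny/permit rule line."""
    tokens = line.split()
    # Syntax from the manual: rule [ rule-id ] { deny | permit } protocol ...
    pos = 2 if len(tokens) > 1 and tokens[1].isdigit() else 1
    if len(tokens) < pos + 2 or tokens[0] != "rule" \
            or tokens[pos] not in ("deny", "permit"):
        raise ValueError(f"not a deny/permit rule: {line!r}")
    protocol, options = tokens[pos + 1], tokens[pos + 2:]
    problems = []
    if "fragment" in options:
        problems.append("fragment keyword")
    for keyword, operator in zip(options, options[1:]):
        if keyword in PORT_KEYWORDS and operator == "neq":
            problems.append(f"neq operator on {keyword}")
    if outbound:  # extra restrictions for outbound classification/filtering
        problems += [f"{kw} keyword (outbound)"
                     for kw in options if kw in OUTBOUND_KEYWORDS]
        number = int(protocol) if protocol.isdigit() else None
        if protocol == "ipv6-ah" or number in EXT_HEADER_PROTOCOLS:
            problems.append(f"protocol {protocol} (outbound)")
    return problems

def check_acl(text, outbound=False):
    """Map each offending rule line to its violations; comment lines are skipped."""
    report = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        if "comment" in line.split()[1:3]:      # rule rule-id comment text
            continue
        problems = check_rule(line, outbound)
        if problems:
            report[line] = problems
    return report

# Constructed sample rules, not taken from the manual or a real device.
SAMPLE_ACL = """
rule 0 permit tcp source 2001:db8::/32 destination-port eq 443
rule 5 deny udp destination-port neq 53 fragment
rule 5 comment constructed sample
rule 10 permit ipv6 routing type 0 logging
rule 15 deny 60
"""

if __name__ == "__main__":
    print(check_acl(SAMPLE_ACL, outbound=True))
```

Call check_acl with outbound=True only for ACLs applied in the outbound direction; the fragment and neq checks apply in both directions.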
