Configuring A Layer 2 Acl - Huawei Quidway S3700 Series Configuration Manual


Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
10 ACL Configuration
Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.

Step 2 Run:
acl [ number ] acl-number
An advanced ACL is created based on the number.
Or, run:
acl name acl-name [ advance | acl-number ]
An advanced ACL is created based on the name.
The value of an advanced ACL ranges from 3000 to 3999.

Step 3 Run the following command as required:

- When protocol is specified as the Transmission Control Protocol (TCP), run:
rule [ rule-id ] { deny | permit } tcp [ destination { destination-address
destination-wildcard | any } | destination-port { eq | gt | lt | range } port |
dscp dscp | fragment | logging | precedence precedence | source { source-address
source-wildcard | any } | source-port { eq | gt | lt | range } port |
tcp-flag { tcp-value | ack | fin | psh | rst | syn | urg } * | time-range
time-name | tos tos ] *
An ACL rule is created.

- When protocol is specified as the User Datagram Protocol (UDP), run:
rule [ rule-id ] { deny | permit } udp [ destination { destination-address
destination-wildcard | any } | destination-port { eq | gt | lt | range } port |
dscp dscp | fragment | logging | precedence precedence | source { source-address
source-wildcard | any } | source-port { eq | gt | lt | range } port |
time-range time-name | tos tos ] *
An ACL rule is created.

- When protocol is specified as ICMP, run:
rule [ rule-id ] { deny | permit } icmp [ destination { destination-address
destination-wildcard | any } | dscp dscp | fragment | logging | icmp-type { icmp-name
| icmp-type icmp-code } | precedence precedence | source { source-address
source-wildcard | any } | time-range time-name | tos tos ] *
An ACL rule is created.

- When protocol is specified as another protocol rather than TCP, UDP, or ICMP, run:
rule [ rule-id ] { deny | permit } { protocol-number | gre | igmp | ip | ipinip
| ospf } [ destination { destination-address destination-wildcard | any } |
dscp dscp | fragment | logging | precedence precedence | source { source-address
source-wildcard | any } | time-range time-name | tos tos ] *
An ACL rule is created.

NOTE
dscp dscp and precedence precedence cannot be specified at the same time.

You can configure different advanced ACLs on the S3700 according to the protocol carried by
IP. Different parameter combinations are available for different protocol types.
----End

10.3.7 Configuring a Layer 2 ACL

Layer 2 ACLs can classify data packets according to the link layer information including the
source MAC address, source VLAN ID, Layer 2 protocol type, and destination MAC address.
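
The parameter combinations in Step 3 of the advanced ACL procedure above can be checked before a configuration is pushed to a switch. The following is an added example, not part of the Huawei manual: it lints rule lines against the four rule forms on this page, and `lint_rule`, `lint_acl` and the sample configuration are hypothetical names and constructed input.

```python
# Keywords taken from the four rule forms on this page (added example).
COMMON = {"destination", "dscp", "fragment", "logging", "precedence",
          "source", "time-range", "tos"}          # accepted by every form
EXTRA = {"tcp": {"destination-port", "source-port", "tcp-flag"},
         "udp": {"destination-port", "source-port"},
         "icmp": {"icmp-type"}}                   # protocol-specific
KEYWORDS = COMMON | EXTRA["tcp"] | EXTRA["icmp"]
PROTOCOLS = {"tcp", "udp", "icmp", "gre", "igmp", "ip", "ipinip", "ospf"}

def lint_rule(line):
    """Findings for one rule line; None if no protocol follows deny/permit."""
    tokens = line.split()[1:]                     # drop the leading "rule"
    if tokens and tokens[0].isdigit():            # optional rule-id
        tokens = tokens[1:]
    if len(tokens) < 2 or tokens[0] not in ("deny", "permit"):
        return None
    proto = tokens[1]
    if proto not in PROTOCOLS and not proto.isdigit():
        return None
    used = {t for t in tokens[2:] if t in KEYWORDS}
    findings = [f"'{k}' is not available for protocol '{proto}'"
                for k in sorted(used - COMMON - EXTRA.get(proto, set()))]
    if {"dscp", "precedence"} <= used:
        findings.append("dscp and precedence cannot be specified at the same time")
    return findings

def lint_acl(config):
    """Return (line_number, finding) pairs for a configuration excerpt."""
    results, number = [], None
    for n, line in enumerate(config.splitlines(), 1):
        tokens = line.split()
        if tokens[:1] == ["acl"]:                 # remember the ACL number, if any
            number = int(tokens[-1]) if tokens[-1].isdigit() else None
        elif tokens[:1] == ["rule"] and (found := lint_rule(line)) is not None:
            if number is not None and not 3000 <= number <= 3999:
                found.insert(0, f"protocol rule in ACL {number}, outside 3000 to 3999")
            results += [(n, f) for f in found]
    return results

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
acl number 3001
 rule 5 permit tcp source 10.1.1.0 0.0.0.255 destination any destination-port eq 22
 rule 10 permit udp source any destination-port eq 53 tcp-flag syn
 rule 15 deny ip source any dscp 46 precedence 5
acl 4001
 rule 5 deny icmp source any icmp-type 8 0
"""
```

Calling `lint_acl(SAMPLE)` reports findings on lines 3, 4 and 6 of the sample: a TCP-only keyword in a UDP rule, dscp combined with precedence, and a protocol rule under an ACL number outside the advanced range.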
