Configuring An Ethernet Frame Header Acl - H3C S5120-EI Series Configuration Manual

Note that:
You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
You can modify the match order of an IPv6 ACL with the acl ipv6 number acl6-number [ name
acl6-name ] match-order { auto | config } command but only when it does not contain any rules.

Configuring an Ethernet Frame Header ACL

Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol
header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
Follow these steps to configure an Ethernet frame header ACL:
To do...
Enter system view
Create an Ethernet frame header
ACL and enter its view
Configure a description for the
Ethernet frame header ACL
Set the rule numbering step
Use the command...
system-view
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
description text
step step-value
1-12
Remarks
––
Required
By default, no ACL exists.
Ethernet frame header ACLs are
numbered in the range 4000 to
4999.
You can use the acl name
acl-name command to enter the
view of an existing named
Ethernet frame header ACL.
Optional
By default, an Ethernet frame
header ACL has no ACL
description.
Optional
5 by default.