H3C S5120-SI Series Command Reference Manual page 588
Hide thumbs
Also See for S5120-SI Series:
- Configuration manual (745 pages) ,
- Operation manual (697 pages) ,
- Command reference manual (209 pages)
Table of Contents
Advertisement
dest-mac dest-addr dest-mask: Matches a destination MAC address range. The dest-addr and
dest-mask arguments represent a destination MAC address and mask in H-H-H format.
lsap lsap-type lsap-type-mask: Matches the DSAP and SSAP fields in LLC encapsulation. The
lsap-type argument is a 16-bit hexadecimal number that represents the encapsulation format. The
lsap-type-mask argument is a 16-bit hexadecimal number that represents the LSAP mask.
source-mac sour-addr source-mask: Matches a source MAC address range. The sour-addr argument
represents a source MAC address, and the sour-mask argument represents a mask in H-H-H format.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a
case insensitive string of 1 to 32 characters. It must start with an English letter.
Description
Use the rule command to create or edit an Ethernet frame header ACL rule.
Use the undo rule command to delete an Ethernet frame header ACL rule or some attributes in the rule.
By default, an Ethernet frame header ACL does not contain any rule.
When defining ACL rules, you do not need to assign them IDs; the system can automatically assign rule
IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is the smallest
multiple of the step that is bigger than the current biggest number. For example, if the rule numbering
step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.
Before performing the undo rule command to remove an Ethernet frame header ACL rule, you may use
the display acl command to view the ID of the rule.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing
rule in the ACL.
You can only modify the existing rules of an ACL that uses the match order of config. When modifying a
rule of such an ACL, you may choose to change just some of the settings, in which case the other
settings remain the same.
When the ACL match order is auto, a newly created rule will be inserted among the existing rules in the
depth-first match order. Note that the IDs of the rules still remain the same.
If the ACL match order is auto, rules are displayed in the depth-first match order rather than by rule
number.
For an Ethernet frame header ACL to be referenced by a QoS policy for traffic classification, the lsap
keyword is not supported.
Related commands: display acl.
Examples
# Create a rule in ACL 4000 to deny packets with the 802.1p priority of 3.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule deny cos 3
1-15
Advertisement
Chapters
Table of Contents
