Huawei Quidway S8500 Series Command Manual page 638

Command Manual – QoS/ACL
Quidway S8500 Series Routing Switches
[ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ]
[ [ precedence precedence | tos tos ]* | dscp dscp ] [ fragment ] [ bt-flag ]
[ time-range name ] [ vpn-instance instance-name ]
undo rule rule-id [ source | destination | source-port | destination-port | icmp-type
| precedence | tos | dscp | fragment | bt-flag | time-range | vpn-instance ]*
III. Define or delete the rules of a Layer 2 ACL
rule [ rule-id ] { permit | deny } [ cos cos-value | c-tag-cos c-cos-value | exp
exp-value| protocol-type | ingress { { source-vlan-id |[ to source-vlan-id-end ] |
source-mac-addr source-mac-wildcard }* | c-tag-vlan c-tag-vlanid}* | any } | egress
{ dest-mac-addr dest-mac-wildcard | any } | s-tag-vlan s-tag-vlanid | time-range
name ]*
undo rule rule-id
View
Corresponding ACL view
Parameter
rule-id: Specifies a rule number of the ACL, in the range of 0 to 127
permit: Allows qualified packets to pass.
deny: Forbids qualified packets to pass.
time-range name: Time range name, optional parameter. It means the rule takes effect
in this time range.
Note:
The following parameters are for the attributes of the packet. The ACL generates rules
according to these attribute parameters.
Parameters specific to basic ACLs:
source { source-addr wildcard | any }: source-addr wildcard specifies the source IP
address and wildcard digit of source address represented in dotted decimal notation.
any represents all source addresses.
fragment: It is only effective to fragmented messages and is ignored by
non-fragmented messages.
vpn-instance instance-name: VPN instance name. The specified MPLS VPN packets
will be identified if this parameter is selected.
Parameters specific to advanced ACLs:
Huawei Technologies Proprietary
1-14
Chapter 1 ACL Commands