Table of Contents
Advertisement
Predefined user roles
network-admin
Parameters
: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating
rule-id
an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple
of the numbering step to the current highest rule ID, starting from the start rule ID. For example, if the
rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
: Denies matching packets.
deny
: Allows matching packets to pass.
permit
cos dot1p:
values:
•
A priority number in the range of 0 to 7.
•
A priority name:
controlled-load
: Enables rule match counting in software. If you do not specify this keyword, matches for
counting
the rule are not counted in software.
dest-mac dest-address dest-mask:
dest-address
the H-H-H format.
lsap lsap-type lsap-type-mask:
The
lsap-type
value range for the
hexadecimal number that represents the LSAP mask. The value range for the
argument is 0 to ffff.
type protocol-type protocol-type-mask
The
protocol-type
Ethernet_II and Ethernet_SNAP frames. The value range for the
ffff. The
protocol-type-mask
type mask. The value range for the
source-mac source-address source-mask:
source-address
represents a mask in the H-H-H format.
time-range time-range-name
argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the
time range is not configured, the system creates the rule. However, the rule using the time range can
take effect only after you configure the time range. For more information about time range, see ACL
and QoS Configuration Guide.
Usage guidelines
Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, the rule will not be
created or changed.
You can edit ACL rules only when the match order is
The
counting
hardware-count
hardware for all rules in an ACL.
To view the existing Layer 2 ACL rules, use the
Matches an 802.1p priority. The 802.1p priority can be specified by one of the following
best-effort
(4),
video
and
dest-mask
argument is a hexadecimal number that represents the encapsulation format. The
argument is 0 to ffff. The
lsap-type
argument is a hexadecimal number that represents a protocol type in
argument is a hexadecimal number that represents a protocol
protocol-type-mask
argument represents a source MAC address, and the
keyword in this command enables match counting specific to rules, and the
keyword in the
(0),
(1),
background
(5),
(6), or
voice
network-management
Matches a destination MAC address range. The
arguments represent a destination MAC address and mask in
Matches the DSAP and SSAP fields in LLC encapsulation.
: Matches one or more protocols in the Layer 2.
Matches a source MAC address range. The
: Specifies a time range for the rule. The
config
packet-filter
display acl mac all
34
(2),
spare
excellent-effort
lsap-type-mask
lsap-type-mask
protocol-type
argument is 0 to ffff.
sour-mask
time-range-name
.
command enables match counting in
command.
(3),
(7).
argument is a
argument is 0 to
argument
Advertisement
Chapters
Table of Contents
