Rule (In User-Defined Acl View) - H3C MSR 20-20 Command Reference Manual

2098 C 138: IP 4 ACL C C
HAPTER V ONFIGURATION OMMANDS
time-range time-name: Specifies the time range in which the rule can take effect.
The time-name argument comprises 1 to 32 characters. It is case insensitive and
must start with an English letter. To avoid confusion, this name cannot be all.
type type-code type-wildcard: Defines a link layer protocol. The type-code
argument is a 16-bit hexadecimal number indicating frame type. It is
corresponding to the type-code field in Ethernet_II and Ethernet_SNAP frames.
The type-wildcard argument is a 16-bit hexadecimal number indicating the
wildcard.
The use of this parameter depends on the hardware chip of your device.
Description Use the command to create an Ethernet frame header ACL rule or modify the
rule
rule if it has existed.
Use the command to remove an Ethernet frame header ACL rule.
undo rule
You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather than
config, you cannot modify ACL rules.
When defining ACL rules, you need not assign them IDs. The system can
automatically assign rule IDs, starting with 0 and increasing in certain rule
numbering steps. A rule ID thus assigned is greater than the current highest rule
ID. For example, if the rule numbering step is five and the current highest rule ID is
28, the next rule will be numbered 30. For detailed information about step, refer
to "step (for IPv4)" on page 2100 and "step (for IPv6)" on page 2116.
You may use the display acl command to verify rules configured in an ACL. If the
match order for this ACL is auto, rules are displayed in the depth-first order rather
than by rule number.
Example # Create a rule to deny packets with the 802.1p priority of 3.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule deny cos 3

rule (in user-defined ACL view)

Syntax
rule [ rule-id ] { deny | permit } [ { l2 rule-string rule-mask offset }&<1-8> ]
[ time-range time-name ]
undo rule rule-id
View User-defined ACL view
Parameter rule-id: User-defined ACL rule number in the range 0 to 65534.
deny: Defines a deny statement to drop matched packets.
permit: Defines a permit statement to allow matched packets to pass.