H3C S5600 Series Operation Manual page 746

[Sysname-acl-ethernetframe-4000]
ffff-ffff-ffff dest 0011-4301-991e ffff-ffff-ffff
# Display the configuration information of ACL 4000.
[Sysname-acl-ethernetframe-4000] display acl 4000
Ethernet frame ACL
Acl's step is 1
rule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff dest
0011-4301-991e ffff-ffff-ffff
Configuring User-defined ACL
A user-defined ACL filters packets by comparing specific bytes in packet headers with
specified string.
A user-defined ACL can be numbered from 5000 to 5999.
Configuration prerequisites
To configure a time range-based user-defined ACL rule, you need to define the
corresponding time ranges first. For information about time range configuration, refer to
Configuring Time
Configuration procedure
Follow these steps to define a user-defined ACL rule:
To do...
Enter system view
Create a user-defined ACL
and enter user-defined
ACL view
Define an ACL rule
Define a comment for the
ACL rule
Define a description for the
ACL
When configuring a rule that matches specific fields of packets, Note that: each packet in
the switch carries two VLAN tags, which is 8 bytes long.
4000, 1 rule
Range.
Use the command...
system-view
acl number acl-number
rule [ rule-id ] { permit |
deny } [ rule-string
rule-mask offset ] &<1-8>
[ time-range time-name ]
rule rule-id comment text
description text
rule deny cos
1-10
3 source 000d-88f5-97ed
Remarks
—
Required
Required
For information about
rule-string, refer to ACL
Commands.
Optional
No description by default
Optional
No description by default