Configuring An Ethernet Frame Header Acl - H3C S5500-EI series Operation Manual
Hide thumbs
Also See for S5500-EI series:
- Configuration manual (490 pages) ,
- Security configuration manual (448 pages) ,
- Operation manual (216 pages)
Table of Contents
Advertisement
Operation Manual – ACL
H3C S5500-EI Series Ethernet Switches
Caution:
You can modify the match order of an ACL with the acl number acl-number [ name
acl-name ] match-order { auto | config } command but only when it does not
contain any rules.
The rule specified in the rule comment command must have existed.
2.3.3 Configuration Examples
# Create IPv4 ACL 3000, permitting TCP packets with port number 80 sent from
129.9.0.0 to 202.38.160.0 to pass.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000]
destination 202.38.160.0 0.0.0.255 destination-port eq 80
# Verify the configuration.
[Sysname-acl-adv-3000] display acl 3000
Advanced ACL
ACL's step is 5
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0
0.0.0.255 destination-port eq www
2.4 Configuring an Ethernet Frame Header ACL
Ethernet frame header ACLs filter packets based on Layer 2 protocol header fields
such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type. They are numbered in the range 4000 to 4999.
2.4.1 Configuration Prerequisites
If you want to reference a time range to a rule, define it with the time-range command
first.
2.4.2 Configuration Procedure
Follow these steps to configure an Ethernet frame header ACL:
rule
permit
3000, named -none-, 1 rule,
2-6
Chapter 2 IPv4 ACL Configuration
tcp
source
129.9.0.0
0.0.255.255
Advertisement
Chapters
Table of Contents
Troubleshooting
