H3C S5500-EI series Operation Manual page 1032

Operation Manual – ACL
H3C S5500-EI Series Ethernet Switches
Enter system view
Create and enter Ethernet
frame header ACL view
Create or modify a rule
Set a rule numbering step
Create an ACL
description
Create a rule description
Note that:
You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather than
config, you cannot modify ACL rules.
You may use the display acl command to verify rules configured in an ACL. If the
match order for this ACL is auto, rules are displayed in the depth-first match order
rather than by rule number.
To do...
system-view
acl number acl-number
[ name acl-name ]
[ match-order { auto |
config } ]
rule [ rule-id ] { deny |
permit } [ cos vlan-pri |
dest-mac dest-addr
dest-mask | lsap
lsap-code lsap-wildcard |
source-mac sour-addr
source-mask |
time-range time-name |
type type-code
type-wildcard ] *
step step-value
description text
rule rule-id comment text
Use the command...
2-7
Chapter 2 IPv4 ACL Configuration
Remarks
––
Required
The default match order is
config.
If you specify a name for
an IPv4 ACL when
creating the ACL, you can
use the acl name
acl-name command to
enter the view of the ACL
later.
Required
To create multiple rules,
repeat this step.
Note that the lsap
keyword is not supported
if the ACL is to be
referenced by a QoS
policy for traffic
classification.
Optional
The default step is 5.
Optional
By default, no IPv4 ACL
description is present.
Optional
By default, no rule
description is present.