Configuring Layer 2 Acl - H3C S3100-52P Operation Manual

Operation Manual – ACL
H3C S3100-52P Ethernet Switch
[Sysname-acl-adv-3000]
destination 202.38.160.0 0.0.0.255 destination-port eq 80
# Display the configuration information of ACL 3000.
[Sysname-acl-adv-3000] display acl 3000
Advanced ACL
Acl's step is 1
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0
0.0.0.255 destination-port eq www

1.2.4 Configuring Layer 2 ACL

Layer 2 ACLs filter packets according to their Layer 2 information, such as the source
and destination MAC addresses, VLAN priority, and Layer 2 protocol types.
A Layer 2 ACL can be numbered from 4000 to 4999.
I. Configuration prerequisites
To configure a time range-based Layer 2 ACL rule, you need to create the
corresponding time ranges first. For information about time range configuration,
refer to
The settings to be specified in the rule, such as source and destination MAC
addresses, VLAN priorities, and Layer 2 protocol types, are determined.
II. Configuration procedure
Follow these steps to define a Layer 2 ACL rule:
Enter system view
Create a Layer 2 ACL and
enter layer 2 ACL view
Define an ACL rule
Assign a description string
to the ACL rule
Assign a description string
to the ACL
Note that:
You can modify any existent rule of the Layer2 ACL and the unmodified part of the
ACL remains.
rule
3000, 1 rule
Configuring Time Range.
To do...
system-view
acl number acl-number
rule [ rule-id ] { permit |
deny } rule-string
rule rule-id comment text
description text
permit tcp source
Use the command...
1-9
Chapter 1 ACL Configuration
129.9.0.0 0.0.255.255
Remarks
—
Required
Required
For information about
rule-string, refer to ACL
Commands.
Optional
No description by default
Optional
No description by default