Huawei Quidway S3900 Series Operation Manual page 653

Operation Manual – ACL
Quidway S3900 Series Ethernet Switches-Release 1510
1.6.2 Configuration Procedure
Table 1-11 Define a user-defined ACL rule
Operation
Enter system view
Create or enter
user-defined ACL
view
Define an ACL rule
Define the
description for the
ACL rule
Define a comment
string for the ACL
rule
Display ACL
information
Note:
Take the following into consideration when configuring the offset parameter:
The packets processed by the switch have VLAN tags. One VLAN tag occupies 4
bytes.
If VLAN VPN is disabled, the packets processed by the switch have 4 bytes of VLAN
tag.
If VLAN VPN is enabled, a 4 bytes of VLAN tag is added to the packets that the
switch receives. The packets will have two VALN tags no matter the received
packets have VLAN tag or not.
When you specify the rule ID by using the rule command, note that:
You can specify an existing rule ID to modify the corresponding rule. ACEs that
are not modified remain unchanged.
You can create a rule by specifying an ID that identifies no rule.
You will fail to create a rule if the newly created rule is the same as an existing one.
If you do not specify the rule ID when creating an ACL rule, the rule ID of the newly
created rule is assigned by the system.
Command
system-view
acl number acl-number
rule [ rule-id ] { permit |
deny } [ rule-string rule-mask
offset ] &<1-8> [ time-range
name ]
description text
rule rule-id comment text
display acl { all |
acl-number }
Huawei Technologies Proprietary
1-14
Chapter 1 ACL Configuration
Description
—
Required
Required
Optional
Optional
Optional
This command can be
executed in any view.