Configuration Example; Defining User-Defined ACLs; Configuration Prerequisites; Configuration Procedure - H3C S7500 Series Operation Manual

Operation Manual – ACL
H3C S7500 Series Ethernet Switches

1.7.3 Configuration Example

# Configure ACL 4000 to deny packets whose 802.1p priority is 3, source MAC address is 000d-88f5-97ed, and destination MAC address is 0011-4301-991e.
<H3C> system-view
[H3C] acl number 4000
[H3C-acl-ethernetframe-4000] rule deny cos 3 source 000d-88f5-97ed ffff-ffff-ffff dest 0011-4301-991e ffff-ffff-ffff
[H3C-acl-ethernetframe-4000] display acl config 4000
Ethernet frame ACL 4000, 1 rule
rule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff dest 0011-4301-991e ffff-ffff-ffff (0 times matched)

1.8 Defining User-Defined ACLs

A user-defined ACL takes a byte in the packet, specified through its offset from the packet header, as its starting point. It performs a logical AND operation on the packet data from that point and compares the extracted string with the user-defined string to find the matching packets for processing.
User-defined ACL numbers range from 5,000 to 5,999.
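
The matching step described above, modelled offline as an added example (not code from the manual or from H3C): it rewrites the 1.7.3 deny rule as rule-string/rule-mask/offset groups and checks constructed frames against them. It assumes that offset 0 is the first byte of the destination MAC, that every group in a rule must match, and that frames carry a single 802.1Q tag; all function names are hypothetical.

```python
"""Offline model of user-defined ACL matching (added example, see assumptions below)."""

def mac(text):
    """Convert H3C notation (000d-88f5-97ed) to 6 raw bytes."""
    return bytes.fromhex(text.replace("-", ""))

def field_matches(frame, rule_string, rule_mask, offset):
    """AND the bytes at `offset` with the mask, then compare with the rule string."""
    window = frame[offset:offset + len(rule_mask)]
    if len(rule_string) != len(rule_mask) or len(window) < len(rule_mask):
        return False  # malformed group, or frame too short to hold the field
    # Assumption: the rule string is masked too, so bits outside the mask are ignored.
    return all((b & m) == (s & m) for b, s, m in zip(window, rule_string, rule_mask))

def rule_matches(frame, fields):
    """A rule carries 1 to 8 (rule-string, rule-mask, offset) groups.
    Assumption: the rule matches only when every group matches."""
    if not 1 <= len(fields) <= 8:
        raise ValueError("a rule takes between 1 and 8 field groups")
    return all(field_matches(frame, s, m, o) for s, m, o in fields)

# The 1.7.3 deny rule rewritten as offset/mask groups.
# Assumption: offset 0 is the first byte of the destination MAC and the frame
# carries one 802.1Q tag (TPID at byte 12, TCI at byte 14, priority = top 3 bits).
FULL = bytes.fromhex("ffffffffffff")
DENY_FIELDS = [
    (mac("0011-4301-991e"), FULL, 0),                    # destination MAC
    (mac("000d-88f5-97ed"), FULL, 6),                    # source MAC
    (bytes.fromhex("8100"), bytes.fromhex("ffff"), 12),  # 802.1Q TPID
    (bytes.fromhex("6000"), bytes.fromhex("e000"), 14),  # 802.1p priority 3
]

def tagged_frame(dst, src, priority, vlan):
    """Constructed test frame: Ethernet header, one 802.1Q tag, IPv4 EtherType, padding."""
    tci = (priority << 13) | vlan
    return mac(dst) + mac(src) + b"\x81\x00" + tci.to_bytes(2, "big") + b"\x08\x00" + bytes(46)

if __name__ == "__main__":
    for prio in (3, 5):
        frame = tagged_frame("0011-4301-991e", "000d-88f5-97ed", prio, vlan=100)
        print("priority", prio, "->", "deny" if rule_matches(frame, DENY_FIELDS) else "no match")
```

The mask e000 on the tag control field is what keeps the VLAN ID out of the comparison; confirm the offset base on the target switch before deploying a rule built this way.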

1.8.1 Configuration Prerequisites

To configure a time range-based ACL rule, you must first define the corresponding time range, as described in Configuring Time Ranges.

1.8.2 Configuration Procedure

Table 1-16 Define a user-defined ACL rule

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Create or enter user-defined ACL view | acl { number acl-number \| name acl-name [ advanced \| basic \| link \| user ] } [ match-order { config \| auto } ] | Required. By default, the match order is config. |
| Define an ACL rule | rule [ rule-id ] { permit \| deny } { rule-string rule-mask offset } &<1-8> [ time-range time-name ] | Required |
| Display ACL information | display acl config { all \| acl-number \| acl-name } | Optional. This command can be executed in any view. |

Chapter 1 ACL Configuration
