1-7
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0
0.0.0.255 destination-port eq 80
# Display the configuration information of ACL 3000.
[Sysname-acl-adv-3000] display acl 3000
Advanced ACL 3000, 1 rule
Acl's step is 1
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255
destination-port eq www
Configuring Layer 2 ACL
Layer 2 ACLs filter packets according to their Layer 2 information, such as the source and destination
MAC addresses, VLAN priority, and Layer 2 protocol types.
A Layer 2 ACL can be numbered from 4000 to 4999.
Configuration Prerequisites
z To configure a time range-based Layer 2 ACL rule, you need to create the corresponding time
ranges first. For information about time range configuration, refer to section
Configuring Time
Range
z The settings to be specified in the rule, such as source and destination MAC addresses, VLAN
priorities, and Layer 2 protocol types, are determined.
Configuration Procedure
Table 1-4 Define a Layer 2 ACL rule
Operation Command Description
Enter system view
system-view
—
Create a Layer 2 ACL
and enter layer 2 ACL
view
acl number acl-number
Required
Define an ACL rule
rule [ rule-id ] { permit | deny }
rule-string
Required
For information about rule-string,
refer to ACL Commands.
Assign a description
string to the ACL rule
rule rule-id comment text
Optional
No description by default
Assign a description
string to the ACL
description text
Optional
No description by default
Note that:
z You can modify any existent rule of the Layer2 ACL and the unmodified part of the ACL remains.
z If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered
automatically. If the ACL has no rules, the rule is numbered 0; otherwise, the number of the rule will
be the greatest rule number plus one. If the current greatest rule number is 65534, however, the
system will display an error message and you need to specify a number for the rule.
To Next Page
Loading...
