3Com Switch 4500 26-Port - Page 134

132 CHAPTER 7: ACL CONFIGURATION
Note that port1 and port2 in the above command specify the TCP or UDP
ports used by various high-layer applications. For some common port numbers,
you can use mnemonic symbols as a shortcut. For example, “bgp” can
represent TCP port number 179, which is used by BGP.
Define Layer-2 ACL
The rules of a Layer-2 ACL are defined on the basis of Layer-2 information such
as the source MAC address, source VLAN ID, Layer-2 protocol type, Layer-2 packet
format and destination MAC address.
You can use the following command to define a numbered Layer-2 ACL.
Perform the following configuration in the corresponding view.
Table 130 Define Layer-2 ACL
Defining the User-defined ACL
The user-defined ACL matches any bytes in the first 80 bytes of the Layer-2 data
frame against the character string defined by the user and then processes the
frame accordingly. To use the user-defined ACL correctly, you need to understand
the Layer-2 data frame structure.
Any packet that reaches the FFP (Fast Filter Processor), which performs the ACL
functionality, will contain a VLAN tag. Even packets that ingress the Switch
untagged will be tagged at the FFP.
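An 802.1Q tag is four bytes inserted after the source MAC address, so every field behind it sits four bytes later than in an untagged capture. The following Python example is added here and is not code from the 3Com manual; it shows a byte match written against the untagged layout missing its field. The pattern/mask/offset matching model, the mask semantics (1 = compare), offset 0 as the first destination-MAC byte, VLAN 1 as the inserted tag, the sample frame and all function names are assumptions made for illustration.

```python
import struct

FFP_WINDOW = 80      # per the page: only the first 80 bytes can be matched
TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def as_seen_by_ffp(frame: bytes, vlan_id: int = 1, cos: int = 0) -> bytes:
    """Return the frame with an 802.1Q tag, the form the ACL logic matches on.
    An untagged frame gets a tag after the two MAC addresses (VLAN 1 is an
    assumed port default); a frame that is already tagged is left unchanged."""
    if struct.unpack_from("!H", frame, 12)[0] == TPID_8021Q:
        return frame
    tci = ((cos & 0x7) << 13) | (vlan_id & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def ffp_offset(untagged_offset: int) -> int:
    """Translate an offset measured on an untagged capture to the tagged frame."""
    return untagged_offset + 4 if untagged_offset >= 12 else untagged_offset

def matches(frame: bytes, pattern: bytes, mask: bytes, offset: int) -> bool:
    """Masked compare at `offset` (0 = first destination-MAC byte, assumed);
    a 1 bit in `mask` means the bit must equal the pattern (assumed)."""
    if len(pattern) != len(mask):
        raise ValueError("pattern and mask must have the same length")
    if offset < 0 or offset + len(pattern) > FFP_WINDOW:
        raise ValueError("match must lie inside the first 80 bytes")
    window = as_seen_by_ffp(frame)[offset:offset + len(pattern)]
    if len(window) < len(pattern):
        return False  # frame is shorter than the matched region
    return all((w & m) == (p & m) for w, p, m in zip(window, pattern, mask))

def sample_untagged_bgp_frame() -> bytes:
    """Constructed sample: untagged Ethernet/IPv4/TCP frame to port 179 (bgp)."""
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHLLBBHHH", 49152, 179, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    frame = sample_untagged_bgp_frame()
    bgp = struct.pack("!H", 179)
    # TCP destination port: offset 36 on the untagged capture, 40 once tagged.
    print("offset 36:", matches(frame, bgp, b"\xff\xff", 36))
    print("offset", ffp_offset(36), ":", matches(frame, bgp, b"\xff\xff", ffp_offset(36)))
```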
You can use the following commands to define a user-defined ACL.
Perform the following configuration in the corresponding view.
Operation: Delete a sub-item from the ACL (from Advanced ACL View)
Command: undo rule rule_id [ source | destination | source-port | destination-port | icmp-type | precedence | tos | dscp | fragment | vpn-instance ]*

Operation: Delete one ACL or all ACLs (from System View)
Command: undo acl { number acl_number | all }

Operation: Enter Layer-2 ACL view (from System View)
Command: acl number acl_number [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from Layer-2 ACL View)
Command: rule [ rule_id ] { permit | deny } [ [ type protocol_type type_mask | lsap lsap_type type_mask ] | format_type | cos cos | source { source_vlan_id | source_mac_addr source_mac_wildcard }* | dest { dest_mac_addr dest_mac_wildcard } ]*

Operation: Delete a sub-item from the ACL (from Layer-2 ACL View)
Command: undo rule rule_id

Operation: Delete one ACL or all ACLs (from System View)
Command: undo acl { number acl_number | all }
