EasyManua.ls Logo

3Com Switch 4800G 24-Port - Configuring an Ethernet Frame Header ACL

3Com Switch 4800G 24-Port
1246 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Configuring an Ethernet Frame Header ACL 845
n
You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather
than config, you cannot modify ACL rules.
You may use the display acl command to verify rules configured in an ACL. If
the match order for this ACL is auto, rules are displayed in the depth-first
match order rather than by rule number.
c
CAUTION:
You can modify the match order of an ACL with the acl number acl-number
[ name acl-name ] match-order { auto | config } command but only when it
does not contain any rules.
The rule specified in the rule comment command must have existed.
Configuration Examples # Create IPv4 ACL 3000, permitting TCP packets with port number 80 sent from
129.9.0.0 to 202.38.160.0 to pass.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
# Verify the configuration.
[Sysname-acl-adv-3000] display acl 3000
Advanced ACL 3000, named -none-, 1 rule,
ACL’s step is 5
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www
Configuring an
Ethernet Frame
Header ACL
Ethernet frame header ACLs filter packets based on Layer 2 protocol header fields
such as source MAC address, destination MAC address, 802.1p priority (VLAN
priority), and link layer protocol type. They are numbered in the range 4000 to
4999.
Configuration
Prerequisites
If you want to reference a time range to a rule, define it with the time-range
command first.
Configuration Procedure Follow these steps to configure an Ethernet frame header ACL:
To do… Use the command… Remarks
Enter system view system-view --
Create and enter Ethernet
frame header ACL view
acl number acl-number
[ name acl-name ]
[ match-order { auto |
config }]
Required
The default match order is
config.
If you specify a name for an
IPv4 ACL when creating the
ACL, you can use the acl
name acl-name command to
enter the view of the ACL
later.

Table of Contents

Related product manuals