1-8
z When the ACL match order is auto, a newly created rule will be inserted among the existing rules
in the depth-first match order. Note that the IDs of the rules still remain the same.
z You can modify the match order of an ACL with the acl number acl-number [ name acl-name ]
match-order { auto | config } command, but only when the ACL does not contain any rules.
z The rule specified in the rule comment command must already exist.
Configuring an Ethernet Frame Header ACL
Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol
header fields such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
Follow these steps to configure an Ethernet frame header ACL:
To do… Use the command… Remarks
Enter system view
system-view ––
Create an Ethernet frame header
ACL and enter its view
acl number
acl-number [
name
acl-name ] [
match-order
{
auto
|
config
} ]
Required
By default, no ACL exists.
Ethernet frame header ACLs are
numbered in the range 4000 to
4999..
You can use the
acl
name
acl-name command to enter the
view of an existing named Ethernet
frame header ACL.
Configure a description for the
Ethernet frame header ACL
description
text
Optional
By default, an Ethernet frame
header ACL has no ACL
description.
Set the rule numbering step
step
step-value
Optional
5 by default.
Create or edit a rule
rule
[ rule-id ] {
deny
|
permit
}
[
cos
vlan-pri |
dest-mac
dest-addr
dest-mask | {
lsap
lsap-type
lsap-type-mask |
type
protocol-type protocol-type-mask }
|
source-mac
sour-addr
source-mask |
time-range
time-range-name ] *
Required
By default
,
an Ethernet frame
header ACL does not contain any
rule.
To create or edit multiple rules,
repeat this step.
Configure or edit a rule description
rule
rule-id
comment
text
Optional
By default, an Ethernet frame
header ACL rule has no rule
description.
Note that:
To Next Page
Loading...
Need help?
General