8
Ste
Command Remarks
2. Create an Ethernet frame
header ACL and enter its
view.
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
By default, no ACL exists.
Ethernet frame header ACLs are
numbered in the range of 4000 to
4999.
You can use the acl name acl-name
command to enter the view of a
named ACL.
3. (Optional.) Configure a
description for the Ethernet
frame header ACL.
description text
By default, an Ethernet frame
header ACL has no ACL
description.
4. (Optional.) Set the rule
numbering step.
step step-value The default setting is 5.
5. Create or edit a rule.
rule [ rule-id ] { deny | permit } [ cos
vlan-pri | counting | dest-mac
dest-address dest-mask | { lsap
lsap-type lsap-type-mask | type
protocol-type protocol-type-mask }
| source-mac source-address
source-mask | time-range
time-range-name ] *
By default
,
an Ethernet frame
header ACL does not contain any
rule.
When an Ethernet frame header
ACL with the lsap keyword
specified is used for QoS traffic
classification or packet filtering,
the lsap-type argument must be
AAAA and the lsap-type-mask
argument must be FFFF. Otherwise,
the ACL cannot be normally
applied.
6. (Optional.) Add or edit a rule
comment.
rule rule-id comment text
By default, no rule comments are
configured.
Copying an ACL
You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure:
• The destination ACL number is from the same category as the source ACL number.
• The source ACL already exists, but the destination ACL does not.
To copy an ACL:
Ste
Command
1. Enter system view.
system-view
2. Copy an existing ACL to create a new ACL.
acl [ ipv6 ] copy { source-acl-number | name
source-acl-name } to { dest-acl-number | name
dest-acl-name }
To Next Page
Loading...
Need help?
General
