Operation Manual – ACL
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration
Huawei Technologies Proprietary
1-13
Parameter Type Function Description
dest dest-addr
dest-mask
Destination
MAC address
information
Specifies the
destination
MAC address
range in the
rule
dest-addr: destination MAC
address, in the format of
H-H-H
dest-mask: destination MAC
address mask, in the format
of H-H-H
cos vlan-pri
Priority
Defines the
802.1p
priority of the
rule
vlan-pri: VLAN priority, in the
range of 0 to 7
time-range
time-name
Time range
information
Specifies the
time range in
which the rule
is active
time-name: specifies the
name of the time range in
which the rule is active; a
string of 1 to 32 characters
type
protocol-type
protocol-mask
Protocol type
of Ethernet
frames
Defines the
protocol type
of Ethernet
frames
protocol-type: protocol type
protocol-mask: protocol type
mask
1.5.3 Configuration Example
# Configure ACL 4000 to deny packets whose 802.1p priority is 3.
<Quidway> system-view
[Quidway] acl number 4000
[Quidway-acl-ethernetframe-4000] rule deny cos 3
[Quidway-acl-ethernetframe-4000] display acl 4000
Ethernet frame ACL 4000, 1 rule
Acl's step is 1
rule 0 deny cos excellent-effort
1.6 Defining User-Defined ACLs
Using a byte, which is specified through its offset from the packet header, in the packet
as the starting point, user-defined ACLs perform logical AND operations on packets
and compare the extracted string with the user-defined string to find the matching
packets for processing.
User-defined ACL numbers range from 5000 to 5999.
1.6.1 Configuration Preparation
To configure a time range-based ACL rule, you need first to define the corresponding
time range, as described in section
1.2 “Configuring Time Ranges”.
To Next Page
Loading...
Need help?
General