R3303-HP HSR6800 Routers ACL and QoS Configuration Guide

Step 4. Set the rule numbering step.
  Command: step step-value
  Remarks: Optional. The default setting is 5.

Step 5. Create or edit a rule.
  Command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-prefix | dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] *
  Remarks: By default, an IPv6 advanced ACL does not contain any rule. The logging keyword takes effect only when the module (for example, a firewall) using the ACL supports logging.

Step 6. Add or edit a rule comment.
  Command: rule rule-id comment text
  Remarks: Optional. By default, no rule comments are configured.

Step 7. Add or edit a rule range remark.
  Command: rule [ rule-id ] remark text
  Remarks: Optional. By default, no rule range remarks are configured.

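The following added example (not taken from the guide) applies steps 4 through 7 to one IPv6 advanced ACL that allows return traffic, neighbor discovery, and SSH from one management prefix, then denies and logs everything else. The ACL number 3001, the acl ipv6 number command from the earlier steps of this procedure, and all addresses (drawn from the 2001:db8::/32 documentation prefix) are assumptions.

```text
# Added example. Lines starting with '#' are annotations, not commands.
# Assumed: ACL number 3001 and "acl ipv6 number" (earlier steps, not on this page).
# Assumed: all addresses are constructed from the documentation prefix.
system-view
acl ipv6 number 3001
 # Step 4: widen the numbering step so rules can be inserted between entries later.
 step 10
 # Step 5: TCP segments that belong to an already established connection.
 rule 10 permit tcp established
 # Step 5: ICMPv6 neighbor solicitation (type 135) and advertisement (type 136),
 # given as numeric icmp6-type icmp6-code pairs.
 rule 20 permit icmpv6 icmp6-type 135 0
 rule 30 permit icmpv6 icmp6-type 136 0
 # Step 5: SSH from the management prefix to a single host.
 # Source uses the address/prefix form, destination the "address prefix" form.
 rule 40 permit tcp source 2001:db8:100::/64 destination 2001:db8:10::10 128 destination-port eq 22
 # Step 5: explicit final deny. "logging" only takes effect when the module
 # using this ACL supports logging; "counting" keeps a match counter.
 rule 1000 deny ipv6 logging counting
 # Step 6: comments attach to existing rules, so they follow rule creation.
 rule 40 comment Admin SSH to jump host
 rule 1000 comment Default deny, logged
 # Step 7: range remark marking the start of the management rules.
 rule 40 remark Begin management access rules
```
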
Configuring an Ethernet frame header ACL
Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
Ethernet frame header ACLs identify Ethernet packets that are sent to the control plane (such as VTY and
local user services), but not those sent to the forwarding plane (such as QoS, firewall, and debug
services).
To configure an Ethernet frame header ACL:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an Ethernet frame header ACL and enter its view.
  Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
  Remarks: By default, no ACL exists. Ethernet frame header ACLs are numbered in the range of 4000 to 4999. You can use the acl name acl-name command to enter the view of a named Ethernet frame header ACL.