R2511-HP MSR Router Series Security Command Reference(V5)
395
Default command level
2: System level
Parameters
acl-number: Ethernet frame header ACL number in the range of 4000 to 4999.
name acl-name: Specifies the Ethernet frame header ACL name, a case-insensitive string of 1 to 63
characters that must start with an alphabetical character a to z or A to Z. To avoid confusion, the word
all cannot be used as the ACL name.
inbound: Filters packets received by the interface.
outbound: Filters packets forwarded from the interface.
Usage guidelines
The following matrix shows the command and router compatibility:
Command MSR900 MSR93
X
MSR20-1
X
MSR20
MSR30 MSR50 MSR1000
firewall
ethernet-frame-filter
Yes Yes No Yes Yes Yes Yes
Ethernet frame filtering is not performed by default.
The Ethernet frame filtering function is effective only when the interface works in bridge group.
You can apply only one ACL in one direction of an interface to filter Ethernet frames.
Examples
# Configure Ethernet frame filtering rules in the inbound direction of Ethernet 1/1.
<Sysname> system-view
[Sysname] bridge enable
[Sysname] bridge 1 enable
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] bridge-set 1
[Sysname-Ethernet1/1] firewall ethernet-frame-filter 4001 inbound
firewall fragments-inspect
Use firewall fragments-inspect to enable fragments inspection.
Use undo firewall fragments-inspect to disable fragments inspection.
Syntax
firewall fragments-inspect
undo firewall fragments-inspect
Views
System view
Default command level
2: System level
Parameters
None