R0106-HP MSR Router Series ACL and QoS Configuration Guide(V7)
11
Ste
p
Command Remarks
4. (Optional.) Set the rule
numbering step.
step step-value The default setting is 5.
5. Create or edit a rule.
rule [ rule-id ] { deny | permit }
protocol [ { { ack ack-value | fin
fin-value | psh psh-value | rst
rst-value | syn syn-value | urg
urg-value } * | established } |
counting | destination
{ dest-address dest-prefix |
dest-address/dest-prefix | any } |
destination-port operator port1
[ port2 ] | dscp dscp | flow-label
flow-label-value | fragment |
icmp6-type { icmp6-type
icmp6-code | icmp6-message } |
logging | routing [ type
routing-type ] | hop-by-hop [ type
hop-type ] | source
{ source-address source-prefix |
source-address/source-prefix |
any } | source-
p
ort operator port1
[ port2 ] | time-range
time-range-name | vpn-instance
vpn-instance-name ] *
By default, IPv6 advanced ACL
does not contain any rule.
The logging keyword takes effect
only when the module (for
example, packet filtering) that uses
the ACL supports logging.
6. (Optional.) Add or edit a rule
comment.
rule rule-id comment text
By default, no rule comments are
configured.
Configuring an Ethernet frame header ACL
Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields, such as:
• Source MAC address.
• Destination MAC address.
• 802.1p priority (VLAN priority).
• Link layer protocol type.
To configure an Ethernet frame header ACL:
Ste
p
Command Remarks
1. Enter system view.
system-view N/A
2. Create an Ethernet frame
header ACL and enter its view.
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
By default, no ACL exists.
Ethernet frame header ACLs are
numbered in the range of 4000 to
4999.
You can use the acl name acl-name
command to enter the view of a
named ACL.