3Com Switch 7750 Configuration Guide
■ The content of a newly created rule must not be identical to the content of
any existing rule; otherwise the rule creation will fail, and the system will
prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the
system will assign an ID for the rule automatically.
Configuration Example
# Configure ACL 3000 to permit TCP packets with destination port number 80 whose
source network segment is 129.9.0.0 and whose destination network segment is
202.38.160.0.
<SW7750> system-view
[SW7750] acl number 3000
[SW7750-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
[SW7750-acl-adv-3000] display acl config 3000
Advanced ACL 3000, 1 rule,
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www (0 times matched)
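The wildcard masks in the rule above (0.0.255.255 and 0.0.0.255) mark the address bits that are ignored when a packet is compared with the rule. The following Python code is an added example, not part of the 3Com guide or the switch software: it parses the rule line in the form shown above, tests packets against it, and models the identical-content check described earlier. The function names, the packet values and the limited keyword set the parser accepts are assumptions made for the example.

```python
import ipaddress

PORT_NAMES = {"www": 80}   # the display output above prints port 80 as "www"
ANY = (0, 0xFFFFFFFF)      # a wildcard of all ones ignores every address bit

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_rule(text):
    tok = text.split()
    if len(tok) < 3 or tok[0] != "rule":
        raise ValueError("not a rule line")
    i, rule_id = 1, None
    if tok[i].isdigit():                                  # optional rule ID
        rule_id, i = int(tok[i]), i + 1
    content = {"action": tok[i], "protocol": tok[i + 1]}
    i += 2
    while i < len(tok) and not tok[i].startswith("("):    # stop at "(0 times matched)"
        if tok[i] in ("source", "destination"):
            content[tok[i]] = (ip(tok[i + 1]), ip(tok[i + 2]))  # (address, wildcard)
        elif tok[i] == "destination-port" and tok[i + 1] == "eq":
            content["dport"] = PORT_NAMES.get(tok[i + 2]) or int(tok[i + 2])
        else:
            raise ValueError("unsupported keyword: " + tok[i])
        i += 3
    return rule_id, content

def wildcard_match(addr, base, wildcard):
    # Wildcard bits set to 1 are ignored; bits set to 0 must equal the rule address.
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def matches(content, protocol, src, dst, dport):
    return (content["protocol"] == protocol
            and wildcard_match(ip(src), *content.get("source", ANY))
            and wildcard_match(ip(dst), *content.get("destination", ANY))
            and content.get("dport", dport) == dport)

def is_duplicate(existing_rules, new_rule):
    new = parse_rule(new_rule)[1]          # compare content only, not the rule ID
    return any(parse_rule(r)[1] == new for r in existing_rules)

CONFIGURED = ("rule permit tcp source 129.9.0.0 0.0.255.255 "
              "destination 202.38.160.0 0.0.0.255 destination-port eq 80")
DISPLAYED = ("rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination "
             "202.38.160.0 0.0.0.255 destination-port eq www (0 times matched)")

if __name__ == "__main__":   # the packet values below are constructed
    print(matches(parse_rule(DISPLAYED)[1], "tcp", "129.9.44.7", "202.38.160.10", 80))
    print(is_duplicate([DISPLAYED], CONFIGURED))
```

Entering the configured line a second time has the same content as rule 0, which is the case the guide says the switch rejects.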
Defining Layer 2 ACLs
Layer 2 ACLs define rules based on Layer 2 information, such as the source and
destination MAC addresses, VLAN priority and Layer 2 protocol, to
process packets.
The value range for Layer 2 ACL numbers is 4,000 to 4,999.
Configuration Preparation
Before configuring an ACL rule containing time range arguments, you need to
define the corresponding time ranges. For the configuration of time
ranges, refer to “Configuring Time Ranges” on page 640.
The source and destination MAC addresses, VLAN priority and Layer 2 protocol in
the rule have been defined.
Configuration Tasks
rule-string: rule information, which can be a combination of the parameters
described in Table 520.
Table 519 Create a Layer 2 ACL rule

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Create or enter Layer 2 ACL view | acl { number acl-number \| name acl-name [ advanced \| basic \| link \| user ] } [ match-order { config \| auto } ] | Required. By default, the match order is config. |
| Define an ACL rule | rule [ rule-id ] { permit \| deny } [ rule-string ] | Required. If you do not specify the rule-string parameter, the switch will choose ingress any egress any by default. |
| Display ACL information | display acl config { all \| acl-number \| acl-name } | Optional. This command can be executed in any view. |