H3C S7500 Series Ethernet Switches Operation Manual

Operation Manual – ACL
Chapter 1 ACL Configuration
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www (0 times matched)
1.7 Defining Layer 2 ACLs
Layer 2 ACLs define rules based on Layer 2 information, such as the source and
destination MAC addresses, VLAN priority and Layer 2 protocol, and use these
rules to process packets.
The value range for Layer 2 ACL numbers is 4,000 to 4,999.
1.7.1 Configuration Prerequisites
Before configuring an ACL rule containing time range arguments, you need to define
the corresponding time ranges. For the configuration of time ranges, refer to
Configuring Time Ranges.
The values of the source and destination MAC addresses, VLAN priority and Layer 2
protocol to be used in the rule have been defined.
1.7.2 Configuration Procedure
Table 1-13 Create a Layer 2 ACL rule
| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Create or enter Layer 2 ACL view | acl { number acl-number \| name acl-name [ advanced \| basic \| link \| user ] } [ match-order { config \| auto } ] | Required. By default, the match order is config. |
| Define an ACL rule | rule [ rule-id ] { permit \| deny } [ rule-string ] | Required. If you do not specify the rule-string argument, the switch will choose ingress any egress any by default. |
| Display ACL information | display acl config { all \| acl-number \| acl-name } | Optional. This command can be executed in any view. |
rule-string: rule information, which can be a combination of the parameters described in
Table 1-14.
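The default described in Table 1-13 means that a rule entered without a rule-string applies to ingress any egress any. The following added example (not part of the manual) audits a saved configuration for numbered Layer 2 ACLs (4000 to 4999) that contain such rules, whether implicit or written out. The sample configuration is constructed, and the MAC-based rule-string in it is an assumed form, since the actual parameters are listed in Table 1-14.

```python
import re

L2_ACL_RANGE = range(4000, 5000)      # Layer 2 ACL numbers (section 1.7)
CATCH_ALL = "ingress any egress any"  # default when rule-string is omitted

# Constructed sample configuration; the MAC-based rule-string is an assumed form.
SAMPLE_CONFIG = """\
acl number 4000
 rule 0 deny ingress 00e0-fc01-0101 0-0-0 egress any
 rule 1 permit
acl number 4001 match-order auto
 rule 0 deny ingress any egress any
acl number 3000
 rule 0 permit
"""

ACL_RE = re.compile(r"^acl number (\d+)(?: match-order (?:config|auto))?$")
RULE_RE = re.compile(r"^rule(?: (\d+))? (permit|deny)(?: (.+))?$")


def audit_l2_acls(config_text):
    """Return (acl_number, rule_id, action, implicit) for every Layer 2 ACL
    rule whose effective rule-string is 'ingress any egress any'.
    implicit is True when the rule-string was omitted."""
    findings, acl = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acl = int(m.group(1))
            continue
        m = RULE_RE.match(line)
        if m is None:
            if line and not raw[0].isspace():
                acl = None            # an unindented line ends the ACL view
            continue
        if acl not in L2_ACL_RANGE:
            continue                  # not a Layer 2 ACL; out of scope here
        rule_id, action, rule_string = m.groups()
        effective = " ".join((rule_string or CATCH_ALL).split())
        if effective == CATCH_ALL:
            findings.append((acl, int(rule_id) if rule_id else None,
                             action, rule_string is None))
    return findings


if __name__ == "__main__":
    for acl, rule_id, action, implicit in audit_l2_acls(SAMPLE_CONFIG):
        how = "rule-string omitted" if implicit else "explicit"
        print(f"ACL {acl} rule {rule_id}: {action} {CATCH_ALL} ({how})")
```

Named ACLs (acl name acl-name link) are not handled by this sketch; only the numbered form is parsed.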