H3C S7500 Series Ethernet Switches Operation Manual

Operation Manual – ACL
Chapter 1 ACL Configuration
1.7.3 Configuration Example
# Configure ACL 4000 to deny packets whose 802.1p priority is 3, source MAC address is 000d-88f5-97ed, and destination MAC address is 0011-4301-991e.
<H3C> system-view
[H3C] acl number 4000
[H3C-acl-ethernetframe-4000] rule deny cos 3 source 000d-88f5-97ed ffff-ffff-ffff dest 0011-4301-991e ffff-ffff-ffff
[H3C-acl-ethernetframe-4000] display acl config 4000
Ethernet frame ACL 4000, 1 rule
rule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff dest 0011-4301-991e ffff-ffff-ffff (0 times matched)
1.8 Defining User-Defined ACLs
A user-defined ACL takes a byte in the packet, specified by its offset from the packet header, as the starting point. It performs a logical AND operation on the packet bytes from that point, then compares the extracted string with the user-defined string to find the matching packets for processing.
User-defined ACL numbers range from 5,000 to 5,999.
1.8.1 Configuration Prerequisites
To configure a time range-based ACL rule, first define the corresponding time range, as described in Configuring Time Ranges.
1.8.2 Configuration Procedure
Table 1-16 Define a user-defined ACL rule

To do...: Enter system view
Use the command...: system-view

To do...: Create or enter user-defined ACL view
Use the command...: acl { number acl-number | name acl-name [ advanced | basic | link | user ] } [ match-order { config | auto } ]
Remarks: Required. By default, the match order is config.

To do...: Define an ACL rule
Use the command...: rule [ rule-id ] { permit | deny } { rule-string rule-mask offset } &<1-8> [ time-range time-name ]
Remarks: Required.

To do...: Display ACL information
Use the command...: display acl config { all | acl-number | acl-name }
Remarks: Optional. This command can be executed in any view.
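
The following Python model is an added example, not part of the manual and not switch code. It shows how a rule built from { rule-string rule-mask offset } triplets selects packets as described in 1.8. The class and function names are hypothetical, and it assumes that offsets count bytes from the first byte of the frame, that every triplet in a rule must match, and that the first matching rule in configuration order decides the action.

```python
# Added example. Assumptions: offsets count bytes from the first byte of the frame,
# all triplets of a rule must match, and the first matching rule in config order wins.
from dataclasses import dataclass


@dataclass(frozen=True)
class Triplet:
    rule_string: bytes  # user-defined string to compare against
    rule_mask: bytes    # ANDed with the packet bytes before comparing
    offset: int         # starting byte, counted from the packet header


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str       # "permit" or "deny"
    triplets: tuple   # 1 to 8 Triplet items, per the &<1-8> syntax

    def __post_init__(self):
        if not 1 <= len(self.triplets) <= 8:
            raise ValueError("a rule takes 1 to 8 triplets")
        if any(len(t.rule_string) != len(t.rule_mask) for t in self.triplets):
            raise ValueError("rule-string and rule-mask lengths differ")


def triplet_matches(t, packet):
    window = packet[t.offset:t.offset + len(t.rule_mask)]
    if len(window) < len(t.rule_mask):  # packet too short to hold the field
        return False
    extracted = bytes(p & m for p, m in zip(window, t.rule_mask))
    return extracted == t.rule_string   # compared as-is, not re-masked


def evaluate(rules, packet):
    """Return (rule_id, action) of the first matching rule, else None."""
    for rule in rules:
        if all(triplet_matches(t, packet) for t in rule.triplets):
            return rule.rule_id, rule.action
    return None


# Constructed frame: dst MAC, src MAC, EtherType 0x0800, IPv4 header (UDP).
FRAME = bytes.fromhex("00114301991e" "000d88f597ed" "0800"
                      "4500001c0000000040110000c0000201c0000202")
RULES = [
    # deny IPv4 (EtherType at offset 12) carrying UDP (protocol at offset 23)
    Rule(0, "deny", (Triplet(b"\x08\x00", b"\xff\xff", 12), Triplet(b"\x11", b"\xff", 23))),
    Rule(1, "permit", (Triplet(b"\x40", b"\xf0", 14),)),  # any IPv4 version nibble
]
print(evaluate(RULES, FRAME))
```

In this model a rule-string with bits set outside its rule-mask (for example 45 with mask f0) can never match, because the comparison is made against the masked packet bytes.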