H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – ACL
Chapter 2 IPv4 ACL Configuration
Caution:
- You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command, but only when the ACL does not contain any rules.
- The rule specified in the rule comment command must already exist.
2.3.3 Configuration Examples
# Create IPv4 ACL 3000 to permit TCP packets with destination port 80 sent from
129.9.0.0 to 202.38.160.0.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
# Verify the configuration.
[Sysname-acl-adv-3000] display acl 3000
Advanced ACL 3000, named -none-, 1 rule,
ACL's step is 5
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www
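The rule above relies on wildcard masks, where a 1 bit means "ignore this bit" and a 0 bit means "must match". The following is an added example, not part of the H3C manual: it parses the rule line from the display output and checks constructed packets against it. The function names and sample packets are assumptions, and only the single rule form shown on this page is handled.

```python
import ipaddress
import re

# Keyword that "display acl" prints for port 80 (the only keyword on the page).
PORT_NAMES = {"www": 80}

RULE_RE = re.compile(
    r"rule\s+(?:\d+\s+)?(?P<action>permit|deny)\s+(?P<proto>\w+)"
    r"\s+source\s+(?P<src>\S+)\s+(?P<src_wc>\S+)"
    r"\s+destination\s+(?P<dst>\S+)\s+(?P<dst_wc>\S+)"
    r"\s+destination-port\s+eq\s+(?P<port>\S+)")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse the one rule form used in the example above into a dict."""
    m = RULE_RE.search(line)
    if m is None:
        raise ValueError("unsupported rule form: " + line)
    return {"action": m["action"], "proto": m["proto"],
            "src": (_ip(m["src"]), _ip(m["src_wc"])),
            "dst": (_ip(m["dst"]), _ip(m["dst_wc"])),
            "dport": PORT_NAMES.get(m["port"]) or int(m["port"])}

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def rule_matches(rule, proto, src, dst, dport):
    return (proto == rule["proto"] and dport == rule["dport"]
            and wildcard_match(src, *rule["src"])
            and wildcard_match(dst, *rule["dst"]))

RULE = parse_rule("rule 0 permit tcp source 129.9.0.0 0.0.255.255 "
                  "destination 202.38.160.0 0.0.0.255 destination-port eq www")

# Constructed sample packets: (protocol, source, destination, destination port)
PACKETS = [
    ("tcp", "129.9.44.7", "202.38.160.20", 80),   # matches the rule
    ("tcp", "129.10.0.1", "202.38.160.20", 80),   # source outside 129.9.x.x
    ("tcp", "129.9.44.7", "202.38.161.20", 80),   # destination outside 202.38.160.x
    ("tcp", "129.9.44.7", "202.38.160.20", 443),  # different destination port
    ("udp", "129.9.44.7", "202.38.160.20", 80),   # different protocol
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", RULE["action"] if rule_matches(RULE, *pkt) else "no match")
```

A "no match" result only means this rule did not apply to the packet.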
2.4 Configuring an Ethernet Frame Header ACL
Ethernet frame header ACLs filter packets based on Layer 2 protocol header fields
such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type. They are numbered in the range 4000 to 4999.
2.4.1 Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range command
first.
2.4.2 Configuration Procedure
Follow these steps to configure an Ethernet frame header ACL: