H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – ACL
H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration
To do…                    Use the command…                      Remarks
------------------------  ------------------------------------  ----------------------------------------
Enter system view         system-view                           ––

Create and enter          acl number acl-number                 Required
Ethernet frame header     [ name acl-name ]                     The default match order is config.
ACL view                  [ match-order { auto | config } ]     If you specify a name for an IPv4 ACL
                                                                when creating the ACL, you can use the
                                                                acl name acl-name command to enter the
                                                                view of the ACL later.

Create or modify a rule   rule [ rule-id ] { deny | permit }    Required
                          [ cos vlan-pri |                      To create multiple rules, repeat this
                          dest-mac dest-addr dest-mask |        step.
                          lsap lsap-code lsap-wildcard |        Note that the lsap keyword is not
                          source-mac sour-addr source-mask |    supported if the ACL is to be referenced
                          time-range time-name |                by a QoS policy for traffic
                          type type-code type-wildcard ] *      classification.

Set a rule numbering      step step-value                       Optional
step                                                            The default step is 5.

Create an ACL             description text                      Optional
description                                                     By default, no IPv4 ACL description is
                                                                present.

Create a rule             rule rule-id comment text             Optional
description                                                     By default, no rule description is
                                                                present.
Note that:
- You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
- You may use the display acl command to verify rules configured in an ACL. If the match order for this ACL is auto, rules are displayed in the depth-first match order rather than by rule number.
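
A worked session for the procedure above, added here as an example and not taken from the manual. It assumes ACL number 4000 (Comware numbers Ethernet frame header ACLs 4000 to 4999, a range this page does not state), the default Sysname prompt, and a constructed MAC address 0011-2233-4455 standing in for a decommissioned host.

```text
# Enter system view.
<Sysname> system-view

# Create Ethernet frame header ACL 4000 (assumed number) with the
# default config match order, so rules can still be modified later.
[Sysname] acl number 4000 match-order config

# Describe the ACL so its purpose is visible in later reviews.
[Sysname-acl-ethernetframe-4000] description Drop frames to or from a decommissioned host

# Rule 0: deny frames sent by the host (constructed MAC, exact-match mask).
[Sysname-acl-ethernetframe-4000] rule 0 deny source-mac 0011-2233-4455 ffff-ffff-ffff

# Rule 5: repeat the rule step to deny frames addressed to the same host.
[Sysname-acl-ethernetframe-4000] rule 5 deny dest-mac 0011-2233-4455 ffff-ffff-ffff

# Attach a description to each rule.
[Sysname-acl-ethernetframe-4000] rule 0 comment Frames from decommissioned host
[Sysname-acl-ethernetframe-4000] rule 5 comment Frames to decommissioned host

# Verify the rules. With match order config they are listed by rule number.
[Sysname-acl-ethernetframe-4000] display acl 4000
```

Neither rule uses the lsap keyword, so this ACL can also be referenced by a QoS policy for traffic classification.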