3Com Switch 8800 Advanced Software V5 Configuration Guide

Configuration Example
# Create IPv4 ACL 3000, permitting TCP packets with port number 80 sent from 129.9.0.0 to 202.38.160.0 to pass.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
# Verify the configuration.
[Sysname-acl-adv-3000] display acl 3000
Advanced ACL 3000, 1 rule,
Acl’s step is 5
rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www (5 times matched)
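The following Python sketch is an added example, not part of the original guide. It parses the rule from the configuration example and evaluates constructed sample packets against it, using wildcard semantics (a wildcard bit of 1 is ignored, a bit of 0 must match). The function names and sample packets are assumptions made for illustration.

```python
import ipaddress
import re

# The rule text entered in the configuration example above.
RULE = ("rule permit tcp source 129.9.0.0 0.0.255.255 "
        "destination 202.38.160.0 0.0.0.255 destination-port eq 80")
RULE_RE = re.compile(
    r"rule (?:(?P<id>\d+) )?(?P<action>permit|deny) (?P<proto>\w+)"
    r" source (?P<src>\S+) (?P<src_wc>\S+)"
    r" destination (?P<dst>\S+) (?P<dst_wc>\S+)"
    r" destination-port eq (?P<port>\w+)")
PORT_NAMES = {"www": 80}  # display acl prints port 80 as "www"

def parse_rule(text):
    """Parse the one rule shape used in this example into a dict."""
    m = RULE_RE.search(" ".join(text.split()))
    if m is None:
        raise ValueError("unsupported rule syntax: %r" % text)
    r = m.groupdict()
    for key in ("src", "src_wc", "dst", "dst_wc"):
        r[key] = int(ipaddress.IPv4Address(r[key]))
    r["port"] = PORT_NAMES.get(r["port"]) or int(r["port"])
    return r

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal base."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def is_contiguous(wildcard):
    """True when the wildcard is 0...01...1, i.e. it describes one prefix."""
    return (wildcard & (wildcard + 1)) == 0

def evaluate(rule, proto, src, dst, dport):
    """Return the rule's action if the packet matches, else None."""
    if (proto == rule["proto"] and dport == rule["port"]
            and wildcard_match(src, rule["src"], rule["src_wc"])
            and wildcard_match(dst, rule["dst"], rule["dst_wc"])):
        return rule["action"]
    return None  # no match: the next rule in the ACL would be tried

if __name__ == "__main__":
    rule = parse_rule(RULE)
    # Constructed sample packets: (protocol, source, destination, dest port)
    for pkt in [("tcp", "129.9.44.7", "202.38.160.20", 80),
                ("tcp", "129.10.0.1", "202.38.160.20", 80),
                ("tcp", "129.9.44.7", "202.38.160.20", 443)]:
        print(pkt, "->", evaluate(rule, *pkt))
```

Running parse_rule over both the entered command and the matching line of display acl output, then comparing the two results, is a quick way to confirm that the device stored the rule as intended; is_contiguous flags a wildcard that does not describe a single prefix.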
Configuring an Ethernet Frame Header ACL
Ethernet frame header ACLs filter packets based on Layer 2 protocol header fields
such as source MAC address, destination MAC address, 802.1p priority (VLAN
priority), and link layer protocol type. They are numbered in the range 4000 to
4999.
Configuration Prerequisites
If you want to reference a time range in a rule, define it with the time-range
command first.
Configuration Procedure
Follow these steps to configure an Ethernet frame header ACL:

To do...                    Use the command...                          Remarks

Enter system view           system-view                                 --

Create and enter Ethernet   acl number acl-number [ match-order         Required
frame header ACL view       { auto | config } ]                         The default match order is config.

Create or modify a rule     rule [ rule-id ] { deny | permit }          Required
                            [ cos vlan-pri |                            To create multiple rules,
                            dest-mac dest-addr dest-mask |              repeat this step.
                            lsap lsap-code lsap-wildcard |
                            source-mac sour-addr source-mask |
                            time-range time-name |
                            type type-code type-wildcard ] *

Set a rule numbering step   step step-value                             Optional
                                                                        The default step is 5.

Create an ACL description   description text                            Optional

Create a rule description   rule rule-id comment text                   Optional

You will fail to create or modify a rule if its permit/deny statement is exactly the
same as another rule. In addition, if the ACL match order is set to auto rather than
config, you cannot modify ACL rules.
When defining ACL rules, you need not assign them IDs. The system can
automatically assign rule IDs, starting with 0 and increasing in certain rule
numbering steps. A rule ID thus assigned is greater than the current highest rule
ID. For example, if the rule numbering step is five and the current highest rule ID is