mac

ManualsBrandsip ManualsNetworkingipv6

431

432

433

434

435

436

437

438

439

440

Commands for Self-defined ACL

433

sOffset The configuration offset is from 0 to 31 (unit is 2Bytes)

lOffset The configuration offset is from 0 to 15 (unit is 4Bytes)

Command Mode: Global Mode

Default: No Configuration Template

Usage Guide: {l2start | l2endoftag | l3start | l4start} is used to configure the start offset

position of a swindow, <sOffset> is used to configure the offset of a swindow, the range is

<0-31>, unit is 2Bytes, namely, 0 means 0Bytes offset and 1 means 2Bytes offset.

{l2endoftag | l3start | l4start} is used to configure the start offset position of a lwindow,

<lOffset> is used to configure the offset of a lwindow, the range is <0-15>, unit is 4Bytes,

namely, 0 means 0Bytes offset and 1 means 4Bytes offset. Extended self-defined ACL

template can configure the start offset position and offset for 2 swindows and 8 lwindows

at most. One extended self-defined ACL template can be shared in global mode. The

swindow or lwindow cannot be modified if the extended self-defined ACL rule is

configured with this swindow or lwindow. But the swindow or lwindow configuration can

be modified with this command if the extended self-defined ACL rule is not configured.

The no command can delete one or more offset configuration of the window in the

template or delete the whole template. The swindow or lwindow in the template can be

deleted successfully when it is not used by the self-defined ACL rule.

Example: Create a global template with 2 swindows and 2 lwindows and configure the

start offset position and the offset to them respectively.

Switch(config)#userdefined-access-list extended offset swindow1 l2s 0 swindow2 l2e 0

lwindow5 l3 3 lwindow7 l4 0

37.3 userdefined-access-list standard

Command: userdefined-access-list standard <num> {deny | permit}

{any-source-mac | { host-source-mac <host_smac>} | {<smac> <smac-mask>}}

{any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac>

<dmac-mask>}} {untagged-eth2 | tagged-eth2 [cos <value> [<mask>]] [vlanId

<value> [<mask>]] | untagged-802-3 | tagged-802-3 [cos <value> [<mask>]] [vlanId

<value> [<mask>]]} [window1 <value> <mask>] [window2 <value> <mask>]

[window3 <value> <mask>] [window4 <value> <mask>] [window5 <value> <mask>]

[window6 <value> <mask>] [window7 <value> <mask>] [window8 <value> <mask>]

[window9 <value> <mask>] [window10 <value> <mask>] [window11 <value>

<mask>]

no userdefined-access-list <num>

Function: Create a numbered standard self-defined ACL. If the standard self-defined

ACL exists, then a rule will be added to the ACL. The no command deletes a numbered