3com S7906E 설치 설명서
2-6
Configuring an Ethernet Frame Header ACL
Ethernet frame header ACLs filter packets based on Layer 2 protocol header fields such as source MAC
address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type. They
are numbered in the range 4000 to 4999.
Configuration Prerequisites
If you want to reference a time range to a rule, define it with the time-range command first.
Configuration Procedure
Follow these steps to configure an Ethernet frame header ACL:
To do…
Use the command…
Remarks
Enter system view
system-view
––
Create and enter Ethernet
frame header ACL view
frame header ACL view
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
acl-name ] [ match-order { auto |
config } ]
Required
The default match order is
config.
config.
If you specify a name for an
IPv4 ACL when creating the
ACL, you can use the acl name
acl-name command to enter
the view of the ACL later.
IPv4 ACL when creating the
ACL, you can use the acl name
acl-name command to enter
the view of the ACL later.
Create or modify a rule
rule [ rule-id ] { deny | permit } [ cos
vlan-pri | dest-mac
vlan-pri | dest-mac
dest-addr
dest-mask | lsap lsap-code
lsap-wildcard | source-mac
sour-addr
lsap-wildcard | source-mac
sour-addr
source-mask |
time-range time-range-name | type
type-code type-wildcard ] *
type-code type-wildcard ] *
Required
To create multiple rules, repeat
this step.
this step.
Note that the lsap keyword is
not supported if the ACL is to
be referenced by a QoS policy
for traffic classification.
not supported if the ACL is to
be referenced by a QoS policy
for traffic classification.
Set a rule numbering step step step-value
Optional
The default step is 5.
Create an ACL description description text
Optional
By default, no IPv4 ACL
description is present.
description is present.
Create a rule description
rule rule-id comment text
Optional
By default, no rule description
is present.
is present.
Note that:
z
You can only modify the existing rules of an ACL that uses the match order of config. When
modifying a rule of such an ACL, you may choose to change just some of the settings, in which
case the other settings remain the same.
z
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an
existing rule in the ACL.
z
When the ACL match order is auto, a newly created rule will be inserted among the existing rules in
the depth-first match order. Note that the IDs of the rules still remain the same.