Configuring an Ethernet frame header ACL

Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type.

To configure an Ethernet frame header ACL:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create an Ethernet frame header ACL and enter its view.
   Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. Ethernet frame header ACLs are numbered in the range of 4000 to 4999. You can use the acl name acl-name command to enter the view of a named Ethernet frame header ACL.

3. Configure a description for the Ethernet frame header ACL.
   Command: description text
   Remarks: Optional. By default, an Ethernet frame header ACL has no ACL description.

4. Set the rule numbering step.
   Command: step step-value
   Remarks: Optional. The default setting is 5.

5. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-addr dest-mask | logging | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac sour-addr source-mask | time-range time-range-name ] *
   Remarks: By default, an Ethernet frame header ACL does not include any rule. To use the logging keyword, make sure that the module that uses the ACL supports logging.

6. Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: Optional. By default, no rule comments are configured.
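
The six steps above, entered as one session. This is an added example, not part of the original documentation. The ACL number, ACL name, MAC addresses, description and comment text are constructed placeholders, and the lines beginning with # are annotations, not commands. The example assumes that a mask bit set to 1 means the corresponding bit is compared.

```text
# Step 1: enter system view.
system-view

# Step 2: create Ethernet frame header ACL 4000 (valid range 4000 to 4999),
# name it, and match rules in the order they are configured.
acl number 4000 name l2-edge match-order config

# Step 3: describe the purpose of the ACL.
description Layer 2 filter for access ports

# Step 4: number rules in steps of 10 so that rules can be inserted later.
step 10

# Step 5: create the rules.
# Deny and count frames that carry 802.1p priority 7.
rule 10 deny cos 7 counting
# Permit ARP (protocol type 0806); mask ffff compares the whole type field.
rule 20 permit type 0806 ffff
# Permit IPv4 (protocol type 0800) from source MACs that share the
# constructed 24-bit prefix 0011-22.
rule 30 permit type 0800 ffff source-mac 0011-2200-0000 ffff-ff00-0000

# Step 6: document why rule 10 exists.
rule 10 comment Drop frames marked with priority 7
```

The deny rule has the lowest rule ID because, with match-order config, a frame is checked against the rules in the order of their IDs, so placing it first keeps priority 7 ARP or IPv4 frames from being matched by the permit rules.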