3Com S7902E Command Reference Manual - page 1942
deny: Defines a deny statement to drop matched packets.
permit: Defines a permit statement to allow matched packets to pass.
cos vlan-pri: Defines an 802.1p priority. The vlan-pri argument takes a value in the range 0 to 7, or its equivalent in words: best-effort, background, spare, excellent-effort, controlled-load, video, voice, or network-management.
dest-mac dest-addr dest-mask: Specifies a destination MAC address range. The dest-addr and dest-mask arguments indicate a destination MAC address and mask in xxxx-xxxx-xxxx format.
lsap lsap-code lsap-wildcard: Defines the DSAP and SSAP fields in the LLC encapsulation. The lsap-code argument is a 16-bit hexadecimal number indicating frame encapsulation. The lsap-wildcard argument is a 16-bit hexadecimal number indicating the wildcard of the LSAP code.
source-mac sour-addr source-mask: Specifies a source MAC address range. The sour-addr and sour-mask arguments indicate a source MAC address and mask in xxxx-xxxx-xxxx format.
time-range time-range-name: Specifies the time range in which the rule can take effect. The time-range-name argument comprises 1 to 32 characters. It is case insensitive and must start with an English letter. To avoid confusion, this name cannot be all.
type type-code type-wildcard: Defines a link layer protocol. The type-code argument is a 16-bit hexadecimal number indicating frame type. It corresponds to the type-code field in Ethernet_II and Ethernet_SNAP frames. The type-wildcard argument is a 16-bit hexadecimal number indicating the wildcard.
Description
Use the rule command to create an Ethernet frame header ACL rule, or to modify the rule if it already exists.
Use the undo rule command to remove an Ethernet frame header ACL rule.
Note that:
- You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
- When defining ACL rules, you need not assign them IDs. The system can automatically assign rule IDs, starting with 0 and increasing by the rule numbering step. A rule ID thus assigned is greater than the current highest rule ID. For example, if the rule numbering step is five and the current highest rule ID is 28, the next rule will be numbered 30.
- You may use the display acl command to verify rules configured in an ACL. If the match order for this ACL is auto, rules are displayed in the depth-first order rather than by rule number.
For an Ethernet frame header ACL to be referenced by a QoS policy for traffic classification, the lsap keyword is not supported.
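The argument constraints and the automatic rule numbering described above can be checked offline before a rule is pushed to a device. The following Python linter is an added example, not part of the 3Com manual or software; lint_rule and next_rule_id are hypothetical names. It assumes the 802.1p names map to 0 to 7 in the order listed, hexadecimal values are written without a 0x prefix, and an optional numeric rule ID may follow the rule keyword.

```python
import re

# Assumption: 802.1p names map to 0..7 in the order the page lists them.
COS_NAMES = ["best-effort", "background", "spare", "excellent-effort",
             "controlled-load", "video", "voice", "network-management"]
COS_OK = set(COS_NAMES) | set("01234567")
MAC = re.compile(r"^[0-9a-f]{4}(-[0-9a-f]{4}){2}$", re.I)   # xxxx-xxxx-xxxx
HEX16 = re.compile(r"^[0-9a-f]{1,4}$", re.I)   # assumption: no 0x prefix
NAME = re.compile(r"^[A-Za-z]\S{0,31}$")       # 1-32 chars, starts with a letter

# keyword -> (argument count, per-argument validity check)
SPEC = {
    "cos": (1, lambda a: a in COS_OK),
    "dest-mac": (2, MAC.match),
    "source-mac": (2, MAC.match),
    "lsap": (2, HEX16.match),
    "type": (2, HEX16.match),
    "time-range": (1, lambda a: NAME.match(a) and a.lower() != "all"),
}

def lint_rule(line, for_qos=False):
    """Return the problems found in one 'rule ...' line (empty list = clean)."""
    tok = line.split()
    if tok[:1] != ["rule"]:
        return ["not a rule command"]
    tok = tok[1:]
    if tok and tok[0].isdigit():   # assumption: optional explicit rule ID
        tok = tok[1:]
    if not tok or tok[0] not in ("deny", "permit"):
        return ["missing deny/permit statement"]
    problems, i = [], 1
    while i < len(tok):
        kw = tok[i]
        if kw not in SPEC:
            return problems + [f"unknown keyword {kw!r}"]
        n, ok = SPEC[kw]
        args = tok[i + 1:i + 1 + n]
        if len(args) < n or not all(ok(a) for a in args):
            problems.append(f"bad argument(s) for {kw}: {args}")
        if kw == "lsap" and for_qos:
            problems.append("lsap not supported in an ACL used by a QoS policy")
        i += 1 + n
    return problems

def next_rule_id(highest, step):
    """Auto-assigned ID: 0 for an empty ACL, else next multiple of step."""
    return 0 if highest is None else (highest // step + 1) * step

if __name__ == "__main__":
    for cmd in ("rule deny cos 3", "rule permit time-range all"):  # constructed
        print(cmd, "->", lint_rule(cmd) or "ok")
```

Pass for_qos=True when the ACL will be referenced by a QoS policy for traffic classification, so that any lsap match is reported.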
Examples
# Create a rule to deny packets with the 802.1p priority of 3.