3Com 5500-SI Switch User Manual

Brief Introduction to ACL 355
Table 365 Define Layer-2 ACL

Operation: Enter Layer-2 ACL view (from System View)
Command:   acl number acl_number [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from Layer-2 ACL View)
Command:   rule [ rule_id ] { permit | deny } [ [ type protocol_type type_mask | lsap lsap_type type_mask ]
           | format_type | cos cos | source { source_vlan_id | source_mac_addr source_mac_wildcard }*
           | dest { dest_mac_addr dest_mac_wildcard } | time-range name ]*

Operation: Delete a sub-item from the ACL (from Layer-2 ACL View)
Command:   undo rule rule_id

Operation: Delete one ACL or all the ACLs (from System View)
Command:   undo acl { number acl_number | all }

Defining the User-defined ACL

The user-defined ACL matches any bytes in the first 80 bytes of the Layer-2 data frame against a character string defined by the user and then processes the matched frames accordingly. To use the user-defined ACL correctly, you need to understand the Layer-2 data frame structure.

Any packet that reaches the FFP (Fast Filter Processor), which performs the ACL functionality, carries a VLAN tag. Even packets that ingress the Switch untagged are tagged by the time they reach the FFP, so a byte offset must be counted on the tagged frame.

You can use the following commands to define a user-defined ACL. Perform the following configuration in the corresponding view.

Table 366 Defining the User-defined ACL

Operation: Enter user-defined ACL view (from System View)
Command:   acl number acl_number [ match-order { config | auto } ]

Operation: Add a sub-item to the ACL (from User-defined ACL View)
Command:   rule [ rule_id ] { permit | deny } { rule_string rule_mask offset }&<1-8> [ time-range name ]

Operation: Delete a sub-item from the ACL (from User-defined ACL View)
Command:   undo rule rule_id

Operation: Delete one ACL or all the ACLs (from System View)
Command:   undo acl { number acl_number | all }

rule_string is a character string defined by the user. It is a hexadecimal string with an even number of digits. rule_mask and offset are used to extract the packet information: rule_mask is the rule mask, which is ANDed with the corresponding bytes of the data packet, and offset determines the position in the packet at which the rule_mask is applied. Together, rule_mask and offset extract a character string from the packet, which is then compared with the user-defined rule_string to identify and process the matched packets.

Activating ACL

The defined ACL can take effect only after being activated globally on the Switch. This function activates the ACL to filter or classify the data forwarded by the hardware of the Switch.

You can use the following command to activate the defined ACL. Perform the following configuration in Ethernet Port View.
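To make the matching rule concrete, the following Python simulation is an added example, not code from the 3Com manual or the switch firmware: it applies the { rule_string rule_mask offset } groups of Table 366 to the first 80 bytes of a frame as the FFP sees it, with an 802.1Q tag inserted for untagged ingress traffic. The MatchGroup and tag_untagged names, the constructed sample frame, and the assumption that rule_string is masked the same way as the packet bytes before comparison are mine.

```python
# Added example, not from the 3Com manual: simulates how a user-defined ACL
# rule's { rule_string rule_mask offset } groups are matched against the first
# 80 bytes of a frame. The FFP always sees an 802.1Q tag, so offsets are
# counted on the tagged frame even for traffic that ingressed untagged.
from dataclasses import dataclass

MATCH_WINDOW = 80  # bytes of the Layer-2 frame the user-defined ACL can inspect

@dataclass(frozen=True)
class MatchGroup:
    rule_string: str  # hex, even number of digits
    rule_mask: str    # hex, same length as rule_string; 1 bits are compared
    offset: int       # byte offset of the first compared byte in the tagged frame

    def matches(self, frame: bytes) -> bool:
        if len(self.rule_string) % 2 or len(self.rule_string) != len(self.rule_mask):
            raise ValueError("rule_string and rule_mask must be equal-length, even-digit hex")
        value, mask = bytes.fromhex(self.rule_string), bytes.fromhex(self.rule_mask)
        end = self.offset + len(value)
        if end > MATCH_WINDOW or end > len(frame):
            return False  # bytes beyond the 80-byte window (or the frame) never match
        # AND each frame byte with the mask and compare with the (also masked) rule byte
        return all((b & m) == (v & m) for b, m, v in zip(frame[self.offset:end], mask, value))

def rule_matches(groups, frame: bytes) -> bool:
    """A rule with several groups (&<1-8>) matches only when every group matches."""
    return 1 <= len(groups) <= 8 and all(g.matches(frame) for g in groups)

def tag_untagged(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the MAC addresses, as the FFP does for untagged ingress."""
    tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)
    return frame[:12] + b"\x81\x00" + tci.to_bytes(2, "big") + frame[12:]

# Constructed sample: an untagged IPv4/TCP frame from 192.168.0.1:80 to 192.168.0.2:49152.
UNTAGGED = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"   # dst MAC, src MAC, EtherType IPv4
    "45000028000040004006" "0000"          # IPv4 header: ..., TTL 0x40, protocol 6 (TCP), checksum
    "c0a80001" "c0a80002"                  # source and destination IP
    "0050c000" + "00" * 16                 # TCP: source port 80, destination port 49152, rest zeroed
)
TAGGED = tag_untagged(UNTAGGED, vlan_id=10)  # what the FFP actually matches against

def tcp_from_port_80_rule():
    # Offsets on the tagged frame: EtherType at 16, IP protocol at 18+9, TCP source port at 18+20
    return [MatchGroup("0800", "ffff", 16), MatchGroup("06", "ff", 27), MatchGroup("0050", "ffff", 38)]

if __name__ == "__main__":
    print("tagged frame matches:", rule_matches(tcp_from_port_80_rule(), TAGGED))          # True
    print("untagged-layout offset 23:", rule_matches([MatchGroup("06", "ff", 23)], TAGGED))  # False
```

The second check shows the failure mode the FFP note warns about: an offset taken from the untagged layout (IP protocol at byte 23) lands four bytes early once the tag is present.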