Configuring An Ethernet Frame Header Acl - HP 5830 Series Configuration Manual
Acl and qos
Hide thumbs
Also See for 5830 Series:
- Installation manual (66 pages) ,
- Configuration manual (170 pages)
Table of Contents
Advertisement
Step
2.
Create an IPv6
advanced ACL
and enter its view.
3.
Configure a
description for the
IPv6 advanced
ACL.
4.
Set the rule
numbering step.
5.
Create or edit a
rule.
6.
Add or edit a rule
comment.
7.
Add or edit a rule
range remark.
8.
Enable counting
ACL rule matches
performed in
hardware.
Configuring an Ethernet frame header ACL
Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),
and link layer protocol type.
To configure an Ethernet frame header ACL:
Command
acl ipv6 number acl6-number [ name
acl6-name ] [ match-order { auto |
config } ]
description text
step step-value
rule [ rule-id ] { deny | permit } protocol
[ { { ack ack-value | fin fin-value | psh
psh-value | rst rst-value | syn syn-value
| urg urg-value } * | established } |
counting | destination { dest-address
dest-prefix | dest-address/dest-prefix |
any } | destination-port operator port1
[ port2 ] | dscp dscp | flow-label
flow-label-value | fragment |
icmp6-type { icmp6-type icmp6-code |
icmp6-message } | logging | routing
[ type routing-type ] | source
{ source-address source-prefix |
source-address/source-prefix | any } |
source-port operator port1 [ port2 ] |
time-range time-range-name |
vpn-instance vpn-instance-name ] *
rule rule-id comment text
rule [ rule-id ] remark text
hardware-count enable
8
Remarks
By default, no ACL exists.
IPv6 advanced ACLs are numbered in the
range of 3000 to 3999.
You can use the acl ipv6 name acl6-name
command to enter the view of a named
ACL.
Optional.
By default, an IPv6 advanced ACL has no
ACL description.
Optional.
The default setting is 5.
By default, an IPv6 advanced ACL does not
contain any rules.
When the protocol argument takes 43, 44,
51, or 60, the ACL cannot function for the
outbound QoS application.
If an IPv6 advanced ACL is for QoS traffic
classification or packet filtering:
•
Do not specify the fragment, routing, or
vpn-instance keyword or specify neq
for the operator argument.
•
Do not specify the flow-label keyword if
the ACL is for outbound QoS traffic
classification or outbound packet
filtering.
•
The logging and counting keywords
(even if specified) do not take effect for
QoS traffic classification.
Optional.
By default, no rule comments are
configured.
Optional.
By default, no rule range remarks are
configured.
Optional.
By default, this feature is disabled.
When the ACL is referenced by a QoS
policy, this command does not take effect.
Advertisement
Table of Contents
