This section describes how to configure rules for a Layer 2 ACL.
Procedure
- Run system-view
The system view is displayed.
- Run acl { name link-acl-name { link | [ link ] number link-acl-number } | [ number ] link-acl-number } [ match-order { config | auto } ]
The Layer 2 ACL view is displayed.
- Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ type type [ type-mask ] | source-mac source-mac [ source-mac-mask ] | destination-mac dest-mac [ dest-mac-mask ] | 8021p 8021p | cvlan-8021p cvlan-8021p | time-range time-name ]
The rules for the Layer 2 ACL are configured.
Adding new rules to an ACL will not affect the existing rules.
When an existing rule is modified and the modified contents conflict with the original contents, the modified contents take precedence.
During the configuration of rules for the Layer 2 ACL:
- If time-range is specified, the specified time range name must exist. If the specified time range name does not exist, the ACL rules will not take effect.
- (Optional) Run rule rule-id description destext
The description for an ACL rule is configured.
The description of an ACL rule can state the function of the rule. Configuring a description for an ACL rule is recommended to prevent misuse of the rule in the following situations:
- A large number of ACLs are configured, and their functions are difficult to identify.
- An ACL is used only at long intervals, and its function may be forgotten.
- Run commit
The configuration is committed.
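The following added example (not part of the vendor documentation) audits a saved configuration for two conditions called out in this procedure: rules that reference a time range that does not exist, which therefore never take effect, and rules that have no description. The sample configuration, the ACL number, the MAC addresses and the `time-range <name> ...` definition line format are constructed assumptions; `audit_l2_acl` is a hypothetical helper name.

```python
import re

# Constructed sample configuration (not from the original page). The rule lines
# follow the syntax shown above; the "time-range <name> ..." definition line
# format is an assumption.
SAMPLE_CONFIG = """\
time-range workhours 08:00 to 18:00 working-day
acl number 4001
 rule 5 permit source-mac 00e0-fc12-3456 time-range workhours
 rule 5 description Allow the print server during work hours
 rule 10 deny type 0x0806 time-range maintenance
 rule 15 deny destination-mac 00e0-fc00-0001
"""

ACL_RE = re.compile(r"^acl\s+(?:name\s+(\S+)|(?:number\s+)?(\d+))")
RULE_RE = re.compile(r"^rule\s+(\d+)\s+(.*)$")


def audit_l2_acl(config):
    """Return (acl, rule_id, problem) findings for a configuration text."""
    time_ranges, rules, described = set(), {}, set()
    acl = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("time-range "):      # top-level time range definition
            time_ranges.add(line.split()[1])
        elif (m := ACL_RE.match(line)):         # entering an ACL view
            acl = m.group(1) or m.group(2)
        elif acl and (m := RULE_RE.match(line)):
            rule_id, body = int(m.group(1)), m.group(2)
            if body.startswith("description "):
                described.add((acl, rule_id))
            else:                               # record the referenced time range, if any
                tr = re.search(r"\btime-range\s+(\S+)", body)
                rules[(acl, rule_id)] = tr.group(1) if tr else None
    findings = []
    for (acl_id, rule_id), tr in sorted(rules.items()):
        if tr is not None and tr not in time_ranges:
            findings.append((acl_id, rule_id, f"time-range '{tr}' is not defined; rule will not take effect"))
        if (acl_id, rule_id) not in described:
            findings.append((acl_id, rule_id, "no description configured"))
    return findings


if __name__ == "__main__":
    for finding in audit_l2_acl(SAMPLE_CONFIG):
        print(*finding)
```

A deny rule that silently fails because of a missing time range leaves traffic permitted that the operator believes is blocked, so this check is worth running before each commit.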