Installation manual
Command Manual - QoS/ACL
Quidway S3000-EI Series Ethernet Switches Chapter 1 ACL Commands
Huawei Technologies Proprietary
address wildcard of the data packets. These two parameters give the range of source MAC
addresses that the user is interested in. For example, if source-mac-wildcard is specified
as 0.0.ffff, it indicates that the user is interested in the first 32 bits (corresponding to the
0s in the wildcard) of the source MAC address. interface { interface-name | interface-type
interface-num } represents the L2 port receiving the packets. any represents all the
packets received from all the ports.
egress { { dest-mac-addr dest-mac-wildcard | interface { interface-name |
interface-type interface-num } }* | any }: Specifies the destination information of data
packets. dest-mac-addr dest-mac-wildcard specifies the destination MAC address and
destination MAC address wildcard of the data packets. For example, if
dest-mac-wildcard is specified as 0.0.ffff, it indicates that the user is interested in the
first 32 bits (corresponding to the 0s in the wildcard) of the destination MAC address.
interface { interface-name | interface-type interface-num } represents the L2 port
forwarding the packets. any represents all the packets forwarded by all the ports.
• Parameters of the user-defined ACL
{ rule-string rule-mask offset }&<1-8>: rule-string is a user-defined rule string. It
consists only of hexadecimal digits, and the number of digits must be even. rule-mask
offset is used to extract information from the packet. Here, rule-mask is the rule mask,
which is logically ANDed with the packet data, and offset specifies the byte, counted
from the packet header, at which the AND operation starts. rule-mask offset extracts a
string from the packet, which is compared with the user-defined rule-string to find and
process the matched packets. &<1-8> indicates that you can define up to 8 such rules
at a time. This parameter is used for the user-defined ACL.
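The following Python model is an added illustration, not code from the manual or from the switch software. It shows how a MAC wildcard and a user-defined { rule-string rule-mask offset } tuple select packets as described above. The function names and the sample frame are constructed; it assumes that offset is a byte index from the start of the Ethernet frame, that rule-string and rule-mask have the same length, and that all tuples in one rule must match.

```python
# Added illustration, not vendor code. Names and sample data are hypothetical.

def parse_mac(text):
    """Parse a three-group MAC or wildcard such as '00e0.fc00.abcd' or '0.0.ffff'."""
    groups = text.replace("-", ".").split(".")
    if len(groups) != 3:
        raise ValueError("expected three hex groups: " + text)
    value = 0
    for group in groups:
        part = int(group, 16)
        if part > 0xFFFF:
            raise ValueError("group wider than 16 bits: " + group)
        value = (value << 16) | part
    return value

def mac_matches(packet_mac, rule_mac, wildcard):
    """Bits that are 0 in the wildcard must be equal; bits that are 1 are ignored."""
    care = ~parse_mac(wildcard) & 0xFFFFFFFFFFFF
    return ((parse_mac(packet_mac) ^ parse_mac(rule_mac)) & care) == 0

def user_rule_matches(frame, rules):
    """rules: 1 to 8 tuples of (rule_string_hex, rule_mask_hex, offset)."""
    if not 1 <= len(rules) <= 8:
        raise ValueError("between 1 and 8 tuples are allowed")
    for rule_string, rule_mask, offset in rules:
        want = bytes.fromhex(rule_string)  # raises ValueError on odd digit count
        mask = bytes.fromhex(rule_mask)
        if len(want) != len(mask):
            raise ValueError("rule-string and rule-mask lengths differ")
        window = frame[offset:offset + len(mask)]
        if len(window) < len(mask):        # frame too short to hold this field
            return False
        # AND the packet bytes with the mask, then compare with rule-string.
        if bytes(b & m for b, m in zip(window, mask)) != want:
            return False
    return True

# Constructed sample: Ethernet header followed by the first 10 bytes of an IPv4 header.
FRAME = bytes.fromhex(
    "00e0fc010203"      # destination MAC, bytes 0-5
    "00e0fc00abcd"      # source MAC, bytes 6-11
    "0800"              # EtherType IPv4, bytes 12-13
    "4500002800004000"  # IPv4 version/IHL ... flags, bytes 14-21
    "4006"              # TTL 0x40, protocol 6 (TCP), bytes 22-23
)
# EtherType is IPv4, the IP version nibble is 4, and the protocol is TCP.
TCP_OVER_IPV4 = [("0800", "ffff", 12), ("40", "f0", 14), ("06", "ff", 23)]
```

The mask f0 at offset 14 shows why the AND step matters: only the upper four bits of that byte are compared, so the header-length nibble does not affect the match.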
Description
Using the rule command, you can add a rule to an ACL. Using the undo rule command,
you can delete a rule from an ACL.
You can add multiple rules to an ACL. If you specify parameters when using the undo
rule command, the system deletes the corresponding content of the rule according
to the parameters entered.
For related configurations, refer to the acl command.
Example
# Add a rule to an advanced ACL.
[Quidway-acl-adv-3000] rule 1 permit tcp established source 1.1.1.1 0 destination 2.2.2.2 0
# Add a rule to a basic ACL.
[Quidway-acl-basic-2000] rule 1 permit source 1.1.1.1 0 fragment
# Add a rule to an L2 ACL.
[Quidway-acl-link-4000] rule 1 permit ingress 1 egress any