HP 6125XLG R2306-HP 6125XLG Blade Switch ACL and QoS Configuration Guide - Page 14
Configuring an Ethernet frame header ACL
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 14 highlights
Step Command Remarks By default, IPv6 advanced ACL does not contain any rule. The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging. If an IPv6 advanced ACL is for QoS traffic classification: • Do not specify the vpn-instance or fragment keyword. • Do not specify neq for the rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | operator argument. • If the ACL is for outbound QoS traffic classification: urg urg-value } * | established } | counting { Do not specify the routing, | destination { dest-address dest-prefix | hop-by-hop, or flow-label dest-address/dest-prefix | any } | keyword. destination-port operator port1 [ port2 ] | { Do not specify ipv6-ah or dscp dscp | flow-label flow-label-value | 5. Create or edit a rule. fragment | icmp6-type { icmp6-type ipv6-esp for the protocol argument, nor set its value to icmp6-code | icmp6-message } | logging | 0, 43, 44, 51, or 60. routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { source-address source-prefix | source-address/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] * If an IPv6 advanced ACL is for packet filtering: • Do not specify the vpn-instance, routing, hop-by-hop, fragment, or flow-label keyword. • Do not specify ipv6-ah or ipv6-esp for the protocol argument, nor set its value to 0, 43, 44, 51, or 60. • Do not specify neq for the operator argument. If an ACL is to match information in the IPv6 packet payload, it cannot match the packet with more than two extension headers or with the Encapsulating Security Payload Header. 6. (Optional.) Add or edit a rule comment. rule rule-id comment text By default, no rule comments are configured. Configuring an Ethernet frame header ACL Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type. To configure an Ethernet frame header ACL: 8