Can S series switches deliver ACL rules at Layer 2 and Layer 3 simultaneously


A traffic classifier can match the Layer 2 and Layer 3 fields of ACL rules at the same time. Once the classifier is configured this way, an S series switch can deliver ACL rules at Layer 2 and Layer 3 simultaneously.

Other related questions:
Configure Layer 2 ACLs on S series switches
A Layer 2 ACL with the number ranging from 4000 to 4999 can be configured on an S series switch (except the S1700 switch). A Layer 2 ACL defines rules based on information in Ethernet frame headers of packets, such as source MAC addresses, destination MAC addresses, and Layer 2 protocol types.
For example, create a rule in ACL 4001 to allow the ARP packets with the destination MAC address 0000-0000-0001, source MAC address 0000-0000-0002, and Layer 2 protocol type 0x0806 to pass.
[HUAWEI] acl 4001
[HUAWEI-acl-L2-4001] rule permit destination-mac 0000-0000-0001 source-mac 0000-0000-0002 l2-protocol 0x0806
Create a rule in the Layer 2 ACL deny-vlan10-mac to reject the packets from the MAC addresses ranging from 00e0-fc01-0000 to 00e0-fc01-ffff in VLAN 10.
[HUAWEI] acl name deny-vlan10-mac link
[HUAWEI-acl-L2-deny-vlan10-mac] rule deny vlan-id 10 source-mac 00e0-fc01-0000 ffff-ffff-0000
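To check offline which frames the two rules above select, the following added example (not Huawei code) models their matching logic in Python. It handles only the fields used on this page, and it assumes rules are tried in the order listed and that mask bits set to 1 must match, as the ffff-ffff-0000 example implies; the function names and the sample frames in the test are constructed for illustration.

```python
# Added example: offline model of the Layer 2 ACL rule lines shown above.
FIELDS = ("destination-mac", "source-mac", "vlan-id", "l2-protocol")

def mac_to_int(mac):
    """Convert Huawei H-H-H notation (0000-0000-0001) to a 48-bit integer."""
    digits = mac.replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

def parse_rule(line):
    """Parse 'rule {permit|deny} ...' into (action, {field: (value, mask)})."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "rule" or tokens[1] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line!r}")
    action, conds, i = tokens[1], {}, 2
    while i < len(tokens):
        field = tokens[i]
        if field not in FIELDS or i + 1 >= len(tokens):
            raise ValueError(f"unsupported field: {field!r}")
        if field.endswith("-mac"):
            value, mask = mac_to_int(tokens[i + 1]), 0xFFFFFFFFFFFF
            # An optional mask follows the address; mask bits set to 1 must match.
            if i + 2 < len(tokens) and tokens[i + 2] not in FIELDS:
                mask = mac_to_int(tokens[i + 2])
                i += 1
            conds[field] = (value, mask)
        else:
            conds[field] = (int(tokens[i + 1], 0), 0xFFFF)
        i += 2
    return action, conds

def evaluate(rules, frame):
    """Return the action of the first rule the frame matches, or None."""
    for action, conds in rules:
        if all((frame[f] & m) == (v & m) for f, (v, m) in conds.items()):
            return action
    return None

def frame(dst, src, vlan, ethertype):
    """Build a constructed sample frame (hypothetical helper)."""
    return {"destination-mac": mac_to_int(dst), "source-mac": mac_to_int(src),
            "vlan-id": vlan, "l2-protocol": ethertype}

# Rule text copied from the two examples above.
ACL_4001 = [parse_rule("rule permit destination-mac 0000-0000-0001 "
                       "source-mac 0000-0000-0002 l2-protocol 0x0806")]
DENY_VLAN10 = [parse_rule("rule deny vlan-id 10 source-mac 00e0-fc01-0000 ffff-ffff-0000")]
```

A result of None means no rule in the list matched; what happens to such a frame depends on the feature that applies the ACL and is not modelled here.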

Can S series switches implement rate limitation using Layer 2 ACL rules
S series switches can implement rate limitation on traffic using Layer 2 ACL rules. For example, set the maximum bandwidth for the traffic of which the source and destination MAC addresses are 0000-0000-0002 and 0000-0000-0001, respectively, to 4 Mbit/s.
[HUAWEI] acl 4000
[HUAWEI-acl-L2-4000] rule permit destination-mac 0000-0000-0001 source-mac 0000-0000-0002
[HUAWEI-acl-L2-4000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 4000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] car cir 4096
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound

How to configure and delete a Layer 2 ACL on the AR
A Layer 2 ACL defines rules based on the information in Ethernet frame headers of packets, such as the source MAC address, destination MAC address, and Ethernet frame protocol number. The number ranges from 4000 to 4999.
Command: rule [ rule-id ] { permit | deny } [ l2-protocol type-value [ type-mask ] | destination-mac dest-mac-address [ dest-mac-mask ] | source-mac source-mac-address [ source-mac-mask ] | vlan-id vlan-id [ vlan-id-mask ] | 8021p 802.1p-value | [ time-range time-name ] ]
Add a rule to ACL 4000 to match packets with the destination MAC address of 0000-0000-0001, source MAC address of 0000-0000-0002, and Layer 2 protocol type of 0x0800.
<Huawei> system-view
[Huawei] acl 4000
[Huawei-acl-L2-4000] rule permit destination-mac 0000-0000-0001 source-mac 0000-0000-0002 l2-protocol 0x0800

How to determine whether an S series switch is a Layer 2 or Layer 3 switch
All models of the S600, S1720, and S2700 are Layer 2 switches. All models of the S3700 and S6700 are Layer 3 switches. The S5700-LI, S5700S-LI, S5710-LI, S5720-LI, and S5720S-LI series are Layer 2 switches. The S5700-EI, S5700-SI, and S5700-HI series are Layer 3 switches. All models of the S9300, S7700, S9700, and S12700 are Layer 3 switches.

Do Ethernet interfaces on CE series switches support switching between Layer 2 and Layer 3 modes
Ethernet interfaces on all CE series switches, except the CE6810LI, support switching between Layer 2 and Layer 3 modes. By default, Ethernet interfaces on CE series switches work in Layer 2 mode.
1. Switching Layer 2 interface to Layer 3 mode: Run the undo portswitch command in the interface view to switch a Layer 2 interface to Layer 3 mode. Before switching, delete all non-default configurations from the interface.
2. Switching Layer 3 interface to Layer 2 mode: Run the portswitch command in the interface view to switch a Layer 3 interface to Layer 2 mode. Before switching, delete all Layer 3 service configurations from the interface.
