Configuring an ARP-based ACL Rule
Context
An ARP-based ACL classifies packets by matching packet information against its rules. After an ARP-based ACL is created, configure rules in the ARP-based ACL.
Procedure
- Run system-view
The system view is displayed.
- Run acl { [ number ] acl-number | name acl-name [ [ number ] acl-number | arp ] }
An ARP-based ACL is created, and the ARP-based ACL view is displayed.
The parameter acl-number specifies the number of an ARP-based ACL. The value ranges from 23000 to 23999.
By default, no ARP-based ACL exists on the device.
- Configure the ARP-based ACL rules.
To configure a rule to match ARP request packets, run:
rule [ rule-id ] [ name rule-name ] { deny | permit } [ request ] [ source-ip { source-ip-address { source-wildcard | 0 | src-netmask } | any } | source-mac { source-mac [ source-mac-mask ] | any } | time-range time-name ] *
To configure a rule to match ARP reply packets, run:
rule [ rule-id ] [ name rule-name ] { deny | permit } reply [ source-ip { source-ip-address { source-wildcard | 0 | src-netmask } | any } | destination-ip { destination-ip-address { destination-wildcard | 0 | des-netmask } | any } | source-mac { source-mac [ source-mac-mask ] | any } | destination-mac { dest-mac [ dest-mac-mask ] | any } | time-range time-name ] *
- (Optional) Run rule rule-id description description
The description of an ARP-based ACL rule is configured.
By default, no description is configured for an ARP-based ACL rule.
A description can be configured only for a rule that has already been created.
- Run commit
The configuration is committed.
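A pre-commit lint for the two rule forms in this procedure, added here as an example and not code from the vendor or the original page. It checks that an ACL number falls in 23000 to 23999 and that a request rule does not carry the destination-ip or destination-mac options, which only the reply form accepts. Assumptions: the function names are hypothetical, IPv4 values are checked for syntax only, and MAC, rule-name and time-range values are treated as opaque tokens.

```python
ACL_MIN, ACL_MAX = 23000, 23999   # ARP-based ACL number range from this page
REQUEST_KEYS = {"source-ip", "source-mac", "time-range"}
REPLY_KEYS = REQUEST_KEYS | {"destination-ip", "destination-mac"}

def check_acl_number(n):
    return ACL_MIN <= n <= ACL_MAX

def _ip(s):
    parts = s.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)

def lint_rule(line):
    """Return the problems found in one 'rule ...' line (empty list = OK)."""
    tok = line.split()
    if not tok or tok[0] != "rule":
        return ["line does not start with 'rule'"]
    i = 1
    if tok[i:i + 1] and tok[i].isdigit():        # optional rule-id
        i += 1
    if tok[i:i + 1] == ["name"]:                 # optional: name rule-name
        i += 2
    if tok[i:i + 1] not in (["deny"], ["permit"]):
        return ["expected deny | permit"]
    i += 1
    # 'request' may be omitted in the first form; 'reply' selects the second.
    kind = "reply" if tok[i:i + 1] == ["reply"] else "request"
    if tok[i:i + 1] in (["request"], ["reply"]):
        i += 1
    allowed = REPLY_KEYS if kind == "reply" else REQUEST_KEYS
    problems = []
    while i < len(tok):
        key, j = tok[i], i + 1
        while j < len(tok) and tok[j] not in REPLY_KEYS:
            j += 1                               # arguments run to the next keyword
        args, i = tok[i + 1:j], j
        if key not in REPLY_KEYS:
            problems.append(f"unexpected token '{key}'")
            continue
        if key not in allowed:
            problems.append(f"'{key}' is not valid in a {kind} rule")
        if key.endswith("-ip"):                  # address + wildcard/0/netmask, or any
            ok = args == ["any"] or (len(args) == 2 and _ip(args[0])
                                     and (args[1] == "0" or _ip(args[1])))
        else:                                    # MAC [mask] | any; time-range: one name
            limit = 2 if key.endswith("-mac") and args[:1] != ["any"] else 1
            ok = 1 <= len(args) <= limit
        if not ok:
            problems.append(f"bad arguments for '{key}': {' '.join(args)}")
    return problems
```

For the constructed line `rule 10 deny request destination-ip any`, `lint_rule` reports one problem, because the request form above has no destination options.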