Add Layer 2 Rule

Add Layer 2 Rule

Operation Procedure

1. When adding a Layer 2 ACL resource or configuring a Layer 2 ACL template, you can click Add or Add Rule to configure a layer 2 rule.
2. In the Basic Info area, perform the following configurations:
   • Select the action you want to take for matching packets, permit or deny.
   • Set the time range you want to apply to this rule.
   • Set the source MAC address and destination MAC address.
3. In the Other Settings area, perform the following configurations to set matching criteria:
   • Select an 802.1 priority.
   • Select a Layer 2 encapsulation type from the Encapsulation Type list.
   • Select a Layer 2 frame type from the Based Frame Type list.
   • Set the Source VLAN ID, code, and mask.
4. Click OK.

Parameters

• 802.1 Priority: The 802.1 priority of the frames. Currently, eight 802.1 priorities are available in descending order.
• Encapsulation Type: Encapsulation type of the frame.
• Source VLAN ID: Source VLAN ID of the frame.
• Based Frame Type: Specifies the frame type.
• Code and Mask:
  • If you select Ethernet frame as based frame type, the combination of code and mask defines the link layer protocol type for the rule. The Code is a 16-bit hexadecimal number, indicating the frame type. It corresponds to the type-code field in Ethernet_II and Ethernet_SNAP frames. The Mask is a 16-bit hexadecimal number, indicating the wildcard.
  • If  you select 802.2 Ethernet frame as based frame type, the combination of code and mask defines the DSAP field and SSAP field in the LLC encapsulation. Code is a 16-bit hexadecimal number, defining the data frame encapsulation format. The mask is a 16-bit hexadecimal number, indicating the wildcard of the LSAP code.
  Whether to enable the code and mask parameters depends on your device model.
• Dynamic Parameter: Name of a user-defined parameter. Currently you can only use the dynamic parameters to define the source or destination MAC address for Ethernet frame header ACLs.
  For more information, see Create and Use Dynamic Parameter File.  
• Variable Address: Name of a user-defined parameter. When an ACL template is exported to an ACL rule set, the variable address value automatically changes. Currently you can only use the variable address to define the source or destination MAC address for Ethernet frame header ACLs.