2098 CHAPTER 138: IP V4 ACL CONFIGURATION COMMANDStime-range time-name: Specifies the time range in which the rule can take effect.The time-name argument comprises 1 to 32 characters. It is case insensitive andmust start with an English letter. To avoid confusion, this name cannot be all.type type-code type-wildcard: Defines a link layer protocol. The type-codeargument is a 16-bit hexadecimal number indicating frame type. It iscorresponding to the type-code field in Ethernet_II and Ethernet_SNAP frames.The type-wildcard argument is a 16-bit hexadecimal number indicating thewildcard.The use of this parameter depends on the hardware chip of your device.Description Use the rule command to create an Ethernet frame header ACL rule or modify therule if it has existed.Use the undo rule command to remove an Ethernet frame header ACL rule.You will fail to create or modify a rule if its permit/deny statement is exactly thesame as another rule. In addition, if the ACL match order is set to auto rather thanconfig, you cannot modify ACL rules.When defining ACL rules, you need not assign them IDs. The system canautomatically assign rule IDs, starting with 0 and increasing in certain rulenumbering steps. A rule ID thus assigned is greater than the current highest ruleID. For example, if the rule numbering step is five and the current highest rule ID is28, the next rule will be numbered 30. For detailed information about step, referto “step (for IPv4)” on page 2100 and “step (for IPv6)” on page 2116.You may use the display acl command to verify rules configured in an ACL. If thematch order for this ACL is auto, rules are displayed in the depth-first order ratherthan by rule number.Example # Create a rule to deny packets with the 802.1p priority of 3. system-view[Sysname] acl number 4000[Sysname-acl-ethernetframe-4000] rule deny cos 3rule (in user-defined ACL view)Syntax rule [ rule-id ] { deny | permit } [ { l2 rule-string rule-mask offset }&<1-8> ][ time-range time-name ]undo rule rule-idView User-defined ACL viewParameter rule-id: User-defined ACL rule number in the range 0 to 65534.deny: Defines a deny statement to drop matched packets.permit: Defines a permit statement to allow matched packets to pass.