Operation Manual – ACLH3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration1-181.7.3 Configuration Example# Configure ACL 4000 to deny packets whose 802.1p priority is 3, source MAC addressis 000d-88f5-97ed, and destination MAC address is 011-4301-991e. system-view[H3C] acl number 4000[H3C-acl-ethernetframe-4000] rule deny cos 3 source 000d-88f5-97edffff-ffff-ffff dest 0011-4301-991e ffff-ffff-ffff[H3C-acl-ethernetframe-4000] display acl config 4000Ethernet frame ACL 4000, 1 rulerule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff dest0011-4301-991e ffff-ffff-ffff (0 times matched)1.8 Defining User-Defined ACLsUsing a byte, which is specified through its offset from the packet header, in the packetas the starting point, user-defined ACLs perform logical AND operations on packetsand compare the extracted string with the user-defined string to find the matchingpackets for processing.User-defined ACL numbers range from 5,000 to 5,999.1.8.1 Configuration PrerequisitesTo configure a time range-based ACL rule, you need first to define the correspondingtime range, as described in Configuring Time Ranges.1.8.2 Configuration ProcedureTable 1-16 Define a user-defined ACL ruleTo do... Use the command... RemarksEnter system view system-view —Create or enteruser-defined ACLviewacl { number acl-number |name acl-name [ advanced |basic | link | user ] }[ match-order { config |auto } ]RequiredBy default, the matchorder is config.Define an ACL rulerule [ rule-id ] { permit | deny }{ rule-string rule-mask offset }&<1-8> [ time-rangetime-name ]RequiredDisplay ACLinformationdisplay acl config { all |acl-number | acl-name }OptionalThis command can beexecuted in any view.