EasyManua.ls Logo

3Com 4200G 12-Port - ACL Assignment

3Com 4200G 12-Port
730 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
1-8
z The content of a modified or created rule cannot be identical with the content of any existing rules;
otherwise the rule modification or creation will fail, and the system prompts that the rule already
exists.
Configuration Example
# Configure ACL 4000 to deny packets sourced from the MAC address 000d-88f5-97ed, destined for
the MAC address 0011-4301-991e, and with their 802.1p priority being 3.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule deny cos 3 source 000d-88f5-97ed ffff-ffff-ffff dest
0011-4301-991e ffff-ffff-ffff
# Display the configuration information of ACL 4000.
[Sysname-acl-ethernetframe-4000] display acl 4000
Ethernet frame ACL 4000, 1 rule
Acl's step is 1
rule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff dest 0011-4301-991e
ffff-ffff-ffff
ACL Assignment
On a Switch 4200G, you can assign ACLs to the hardware for packet filtering.
As for ACL assignment, the following four ways are available.
z Assigning ACLs globally, for filtering the inbound packets on all the ports.
z Assigning ACLs to a VLAN, for filtering the inbound packets on all the ports and belonging to a
VLAN.
z Assigning ACLs to a port group, for filtering the inbound packets on all the ports in a port group. For
information about port group, refer to Port Basic Configuration.
z Assigning ACLs to a port, for filtering the inbound packets on a port.
You can assign ACLs in the above-mentioned ways as required.
z ACLs assigned globally take precedence over those that are assigned to VLANs. That is, when a
packet matches a rule of a globally assigned ACL and a rule of an ACL assigned to a VLAN, the
device will perform the action defined in the rule of the globally assigned ACL if the actions defined
in the two rules conflict.
z When a packet matches a rule of an ACL assigned globally (or assigned to a VLAN) and a rule of
an ACL assigned to a port (or port group), the device will deny the packets if the actions defined in
the two rules conflict.
z ACLs assigned globally or to a VLAN take precedence over the default ACL. However, assigning
ACLs globally or to a VLAN may affect device management that is implemented through Telnet and
so on.

Table of Contents

Related product manuals