1-8
Configuration Example
# Configure ACL 4000 to deny packets sourced from the MAC address 000d-88f5-97ed, and with their
802.1p priority being 3.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule deny cos 3 source 000d-88f5-97ed ffff-ffff-ffff
# Display the configuration information of ACL 4000.
[Sysname-acl-ethernetframe-4000] display acl 4000
Ethernet frame ACL 4000, 1 rule
Acl's step is 1
rule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff
ACL Assignment
On an S4210 Ethernet switch, you can assign ACLs to the hardware for packet filtering.
As for ACL assignment, the following four ways are available.
z Assigning ACLs globally, for filtering the inbound packets on all the ports.
z Assigning ACLs to a VLAN, for filtering the inbound packets on all the ports and belonging to a
VLAN.
z Assigning ACLs to a port, for filtering the inbound packets on a port.
You can assign ACLs in the above-mentioned ways as required.
In terms of priority, the ACLs assigned globally, ACLs assigned to a VLAN and ACLs assigned to a port
group (or a port) rank in descending order. If a packet matches multiple rules in these ACLs and is
permitted by some rules but denied by the others, the device permits or denies the packet based on the
rule in the ACL with the highest priority.
Assigning an ACL Globally
Configuration prerequisites
Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about
defining an ACL, refer to section
Configuring Basic ACL, section Configuring Advanced ACL, section
Configuring Layer 2 ACL.
Configure procedure
Table 1-5 Assign an ACL globally
Operation Command Description
Enter system view
system-view
—
To Next Page
Loading...