1-12
[Sysname-Ethernet1/0/1] packet-filter inbound ip-group 2000
Applying ACL Rules to Ports in a VLAN
By applying ACL rules to ports in a VLAN, you can add filtering of packets on all the ports
in the VLAN.
Note:
The ACL rules are only applied to ports that are in the VLAN at the time the packet-filter
vlan command is executed. In other words:
z A port joining the VLAN later will not use the ACL rules for packet filtering.
z A port leaving the VLAN later will keep using the ACL rules for packet filtering.
Configuration prerequisites
Before applying ACL rules to ports in a VLAN, you need to define the related ACLs. For
information about defining an ACL, refer to
Configuring Basic ACL, Configuring Advanced
ACL
, Configuring Layer 2 ACL, and Configuring User-defined ACL.
Configuration procedure
Follow these steps to apply ACL rules to ports in a VLAN:
To do... Use the command... Remarks
Enter system view
system-view
—
Apply ACL rules to ports in
a VLAN
packet-filter vlan vlan-id
{ inbound | outbound }
acl-rule
Required
For information about
acl-rule, refer to ACL
Commands.
Configuration example
# Apply ACL 2000 to all ports of VLAN 1 in the inbound direction to filter packets.
<Sysname> system-view
[Sysname] packet-filter vlan 1 inbound ip-group 2000
Displaying and Maintaining ACL Configuration
To do... Use the command... Remarks
Display a configured ACL or
all the ACLs
display acl { all | acl-number }
Display a time range or all
the time ranges
display time-range { all |
time-name }
Available in any
view
To Next Page
Loading...
