ACL Configuration Command List 285
Note that the system has a delay of about 1 minute when updating the ACL state, while the display time-range command uses the current time. Therefore, when display time-range shows that a time range is active, the ACL using it may not have been activated yet.
For the related configuration, see the time-range command.
Example
Display all the time ranges.
<SW5500>display time-range all
Current time is 14:36:36 Apr/1/2000 Thursday
Time-range : hhy ( Inactive )
from 08:30 2-5-2005 to 18:00 2-19-2005
Time-range : hhy1 ( Inactive )
from 08:30 2-5-2003 to 18:00 2-19-2003
packet-filter
Syntax
packet-filter inbound { ip-group acl-number [ rule rule [
link-group acl-number rule rule ] ] | link-group acl-number [ rule
rule ] }
undo packet-filter inbound { ip-group acl-number [ rule rule [
link-group acl-number rule rule ] ] | link-group acl-number [ rule
rule ] }
View
Ethernet Port View.
Parameter
inbound: Filters the traffic received by the Ethernet port.
ip-group acl-number: Activates the IP ACLs, including basic and advanced ACLs. acl-number specifies the sequence number of the ACL, ranging from 2000 to 3999.
link-group acl-number: Activates the Layer 2 ACLs. acl-number specifies the ACL number, ranging from 4000 to 4999.
rule rule: Specifies the rule of an ACL, ranging from 0 to 65534; if not specified, all subitems of the ACL will be activated. An ACL can have many rules. They start at 0.
Description
Use the packet-filter command to activate the ACL on a specific interface.
Use the undo packet-filter command to disable the ACL on a specific
interface.
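The syntax and parameter ranges above can be checked mechanically when auditing saved port configurations. The following is an added example, not part of the original manual; the names parse_packet_filter, audit and SAMPLE, and the sample lines themselves, are assumptions made for illustration.

```python
IP_ACL = range(2000, 4000)     # basic and advanced ACLs (Parameter section)
LINK_ACL = range(4000, 5000)   # Layer 2 ACLs
RULE_ID = range(0, 65535)      # rule IDs 0 to 65534

def _take(tokens, keyword, valid, what):  # consume '<keyword> <number>', range-checked
    if len(tokens) < 2 or tokens[0] != keyword or not tokens[1].isdecimal():
        raise ValueError(f"expected '{keyword} <number>'")
    value = int(tokens[1])
    if value not in valid:
        raise ValueError(f"{what} {value} outside {valid.start}-{valid.stop - 1}")
    del tokens[:2]
    return value

def parse_packet_filter(line):
    """Parse one '[undo] packet-filter inbound ...' line; raise ValueError if invalid."""
    tokens = line.split()
    undo = tokens[:1] == ["undo"]
    tokens = tokens[int(undo):]
    if tokens[:2] != ["packet-filter", "inbound"]:
        raise ValueError("expected 'packet-filter inbound'")
    del tokens[:2]
    out = {"undo": undo, "ip_acl": None, "ip_rule": None, "link_acl": None, "link_rule": None}
    if tokens[:1] == ["ip-group"]:
        out["ip_acl"] = _take(tokens, "ip-group", IP_ACL, "IP ACL")
        if tokens[:1] == ["rule"]:
            out["ip_rule"] = _take(tokens, "rule", RULE_ID, "rule")
            if tokens:  # link-group may follow only an explicit IP rule, and needs its own rule
                out["link_acl"] = _take(tokens, "link-group", LINK_ACL, "Layer 2 ACL")
                out["link_rule"] = _take(tokens, "rule", RULE_ID, "rule")
    else:
        out["link_acl"] = _take(tokens, "link-group", LINK_ACL, "Layer 2 ACL")
        if tokens:
            out["link_rule"] = _take(tokens, "rule", RULE_ID, "rule")
    if tokens:
        raise ValueError(f"unexpected trailing tokens: {' '.join(tokens)}")
    return out

def audit(lines):  # return (line, error) pairs for lines that break the documented syntax
    bad = []
    for line in lines:
        try:
            parse_packet_filter(line)
        except ValueError as exc:
            bad.append((line, str(exc)))
    return bad

# Constructed sample lines, not taken from the manual or a real device.
SAMPLE = ["packet-filter inbound ip-group 3000 rule 1 link-group 4000 rule 2",
          "packet-filter inbound link-group 2000"]
```

Running audit(SAMPLE) reports only the second line, because 2000 falls in the IP ACL range rather than the Layer 2 range.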
Example
Activate ACL 2000 for inbound traffic on interface Ethernet 1/0/1.
<SW5500>system-view