Brief Introduction to ACL
You can use the following command to define the numbered Layer-2 ACL.
Perform the following configuration in the corresponding view.
Table 227 Define Layer-2 ACL
Activating ACL
A defined ACL takes effect only after it is activated globally on the Switch. Activation
applies the ACL so that the Switch hardware filters or classifies the data it
transmits.
You can use the following command to activate the defined ACL.
Perform the following configuration in Ethernet Port View.
Table 228 Activate ACL
Displaying and Debugging ACL
After the above configuration, execute the display command in any view to display
the running state of the ACL configuration and to verify the effect of the configuration.
Execute the reset command in User View to clear the statistics of the ACL module.
Table 229 Display and Debug ACL
The matched information in the output of the display acl command refers to the rules
processed by the software.
For syntax description, refer to the Command Reference Manual.
Operation                                                 Command
Enter Layer-2 ACL view (from System View)                 acl number acl_number [ match-order { config | auto }
Add a sub-item to the ACL (from Layer-2 ACL View)         rule [ rule_id ] { permit | deny } [ [ type protocol_type type_mask | lsap lsap_type type_mask ] | format_type | cos cos | source { source_vlan_id | source_mac_addr source_mac_wildcard }* | dest { dest_mac_addr dest_mac_wildcard } | time-range name ]*
Delete a sub-item from the ACL (from Layer-2 ACL View)    undo rule rule_id
Delete one ACL or all the ACL (from System View)          undo acl { number acl_number | all }
Operation            Command
Activate an ACL      packet-filter inbound ip-group acl_number [ rule rule [ link-group acl_number rule rule ] ] | link-group acl_number [ rule rule ] }
Deactivate an ACL    undo packet-filter ip-group acl_number [ rule rule [ link-group acl_number [ rule rule ] }
Operation                                              Command
Display the status of the time range                   display time-range { all | name }
Display the detail information about the ACL           display acl { all | acl_number }
Display the information about the ACL running state    display packet-filter { interface { interface_name | interface_type interface_num } | unitid unit_id }
Clear ACL counters                                     reset acl counter { all | acl_number }