1-10
# Apply rule 1 of advanced ACL 3000 and rule 2 of Layer 2 ACL 4000 on all ports in VLAN 40 to filter
inbound packets. Here, it is assumed that the ACLs and their rules and the VLAN are already
configured.
[Sysname] packet-filter vlan 40 inbound ip-group 3000 rule 1 link-group 4000 rule 2
After completing the above configuration, you can use the display packet-filter command to view
information about packet filtering.
rule (for Basic ACLs)
Syntax
rule [ rule-id ] { deny | permit} [ rule-string ]
undo rule rule-id [ fragment | source | time-range ]*
View
Basic ACL view
Parameters
Parameters of the rule command
rule-id: ACL rule ID, in the range of 0 to 65534.
deny: Drops the matched packets.
permit: Permits the matched packets.
rule-string: ACL rule information, which can be a combination of the parameters described in
Table 1-6.
Table 1-6 Parameters for basic IPv4 ACL rules
Parameters Function Description
source { sour-addr
sour-wildcard | any }
Specifies a source address.
The sour-addr sour-wildcard
argument specifies a source IP
address in dotted decimal
notation. Setting the wildcard to
a zero indicates a host address.
The any keyword indicates any
source IP address.
fragment
Indicates that the rule applies
only to non-tail fragments.
āā
time-range time-name
Specifies the time range in
which the rule takes effect.
time-name: specifies the name
of the time range in which the
rule is active; a string
comprising 1 to 32 characters.
To Next Page
Loading...
