1-9
Table 1-5 Combined application of ACLs
Combination mode The acl-rule argument
Apply all the rules of an ACL that is of IP type
(The ACL can be a basic ACL or an advanced
ACL.)
ip-group acl-number
Apply a rule of an ACL that is of IP type (The
ACL can be a basic ACL or an advanced ACL.)
ip-group acl-number rule rule-id
Apply all the rules of a Layer 2 ACL
link-group acl-number
Apply a rule of a Layer 2 ACL
link-group acl-number rule rule-id
Apply all rules of an IPv6 ACL
user-group acl-number
Apply a rule of an IPv6 ACL
user-group acl-number rule rule-id
Apply a rule of an ACL that is of IP type and a
rule of a Layer 2 ACL
ip-group acl-number rule rule-id link-group
acl-number rule rule-id
In
Table 1-5:
z The ip-group acl-number keyword specifies a basic or an advanced ACL. The acl-number
argument ranges from 2000 to 3999.
z The link-group acl-number keyword specifies a Layer 2 ACL. The acl-number argument ranges
from 4000 to 4999.
z The user-group acl-number keyword specifies an IPv6 ACL. The acl-number argument ranges
from 5000 to 5999.
z The rule rule-id keyword specifies a rule of an ACL. The rule argument ranges from 0 to 65534. If
you do not specify this argument, all the rules of the ACL are applied.
Description
Use the packet-filter command to assign an ACL globally, to a port, or in a port group to filter inbound
packets.
Use the undo packet-filter command to cancel the assignment of an ACL.
Only H3C S3100-EI series switches support this command.
Examples
# Apply all rules of basic ACL 2000 on Ethernet 1/0/1 to filter inbound packets. Here, it is assumed that
the ACL and its rules are already configured.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet1/0/1
[Sysname-Ethernet1/0/1] packet-filter inbound ip-group 2000
[Sysname-Ethernet1/0/1] quit
To Next Page
Loading...
Need help?
General