1-8
z The link-group acl-number keyword specifies a Layer 2 ACL. The acl-number argument ranges
from 4000 to 4999.
z The user-group acl-number keyword specifies a user-defined ACL. The acl-number argument
ranges from 5000 to 5999.
z The rule rule-id keyword specifies a rule of an ACL. The rule argument ranges from 0 to 65534. If
you do not specify this argument, all the rules of the ACL are applied.
Description
Use the packet-filter command to apply ACL rules on a port to filter packets.
Use the undo packet-filter command to remove the application of ACL rules on a port.
Examples
# Apply all rules of basic ACL 2000 on Ethernet 1/0/1 to filter inbound packets. Here, it is assumed that
the ACL and its rules are already configured.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet1/0/1
[Sysname-Ethernet1/0/1] packet-filter inbound ip-group 2000
[Sysname-Ethernet1/0/1] quit
# Apply rule 1 of Layer 2 ACL 4000 on Ethernet 1/0/2 to filter outbound packets. Here, it is assumed that
the ACL and its rule numbered 1 are already configured.
[Sysname] interface Ethernet 1/0/2
[Sysname-Ethernet1/0/2] packet-filter outbound link-group 4000 rule 1
[Sysname-Ethernet1/0/2] quit
# Apply rule 2 of user-defined ACL 5000 on Ethernet 1/0/3 to filter inbound packets. Here, it is assumed
that the ACL and its rule numbered 2 are already configured.
[Sysname] interface Ethernet 1/0/3
[Sysname-Ethernet1/0/3] packet-filter inbound user-group 5000 rule 2
[Sysname-Ethernet1/0/3] quit
# Apply rule 1 of advanced ACL 3000 and rule 2 of Layer 2 ACL 4000 on Ethernet 1/0/4 to filter inbound
packets. Here, it is assumed that the ACLs and their rules are already configured.
[Sysname] interface Ethernet 1/0/4
[Sysname-Ethernet1/0/4] packet-filter inbound ip-group 3000 rule 1 link-group 4000 rule 2
After completing the above configuration, you can use the display packet-filter command to view
information about packet filtering.
packet-filter vlan
Syntax
packet-filter vlan vlan-id { inbound | outbound } acl-rule
undo packet-filter vlan vlan-id { inbound | outbound } acl-rule
View
System view
To Next Page
Loading...
Need help?
General