Parameters
ipv6: Specifies the IPv6 ACL type.
mac: Specifies the Layer 2 ACL type.
acl-number: Specifies an ACL by its number.
• 2000 to 2999 for basic ACLs.
• 3000 to 3999 for advanced ACLs.
• 4000 to 4999 for Layer 2 ACLs.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string
of 1 to 63 characters.
inbound: Filters incoming packets.
outbound: Filters outgoing packets.
hardware-count: Enables counting ACL rule matches performed in hardware. If you do not specify
this keyword, rule matches for the ACL are not counted.
Usage guidelines
To specify the IPv4 ACL type, do not specify the ipv6 or mac keyword.
The hardware-count keyword in this command enables match counting for all rules in an ACL, whereas
the counting keyword in the rule command enables match counting for individual rules.
In the same direction of an interface, you can apply a maximum of three ACLs: one IPv4 ACL, one
IPv6 ACL, and one Layer 2 ACL.
You cannot apply an ACL to the outbound direction of a Layer 2 or Layer 3 aggregate interface.
Examples
# Apply IPv4 basic ACL 2001 to filter incoming traffic on Ten-GigabitEthernet 1/0/1, and enable
counting ACL rule matches performed in hardware.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] packet-filter 2001 inbound hardware-count
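The following offline check is an added example, not part of this manual: it audits packet-filter lines in saved configuration text against the usage guidelines above (one ACL per type per direction, no outbound ACL on aggregate interfaces) and reports ACLs applied without hardware-count. It assumes interface blocks separated by "#" lines and aggregate interfaces named Bridge-Aggregation or Route-Aggregation; the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Assumption: Layer 2 / Layer 3 aggregate interfaces carry these names in the config.
AGGREGATE = ("bridge-aggregation", "route-aggregation")
PF = re.compile(r"^\s*packet-filter\s+(?:(ipv6|mac)\s+)?(?:name\s+(\S+)|(\d+))"
                r"\s+(inbound|outbound)(\s+hardware-count)?\s*$", re.I)

def lint(config):
    """Return (interface, message) findings for packet-filter lines in a config."""
    findings, iface, seen = [], None, defaultdict(list)
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line, re.I)
        if m:
            iface = m.group(1)
            continue
        if line.strip() == "#":          # block separator ends the interface view
            iface = None
            continue
        m = PF.match(line)
        if not (m and iface):
            continue
        kind = (m.group(1) or "ipv4").lower()      # no keyword means IPv4
        acl = (m.group(2) or m.group(3)).lower()   # ACL names are case-insensitive
        direction = m.group(4).lower()
        if m.group(3) and not 2000 <= int(acl) <= 4999:
            findings.append((iface, f"ACL number {acl} outside 2000-4999"))
        if direction == "outbound" and iface.lower().startswith(AGGREGATE):
            findings.append((iface, "outbound ACL on aggregate interface"))
        if seen[(iface, kind, direction)]:
            findings.append((iface, f"second {kind} ACL {direction}"))
        seen[(iface, kind, direction)].append(acl)
        if not m.group(5):
            findings.append((iface, f"ACL {acl} {direction}: no hardware-count"))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
#
interface Ten-GigabitEthernet1/0/1
 packet-filter 2001 inbound hardware-count
 packet-filter ipv6 name EdgeV6 inbound hardware-count
 packet-filter 3001 inbound
#
interface Bridge-Aggregation1
 packet-filter mac 4000 outbound hardware-count
#
"""

if __name__ == "__main__":
    for iface, msg in lint(SAMPLE):
        print(f"{iface}: {msg}")
```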
Related commands
display packet-filter
display packet-filter statistics
display packet-filter verbose
packet-filter default deny
Use packet-filter default deny to set the packet filtering default action to deny. The packet filter
denies packets that do not match any ACL rule.
Use undo packet-filter default deny to restore the default.
Syntax
packet-filter default deny
undo packet-filter default deny
Default
The packet filtering default action is permit. The packet filter permits packets that do not match any
ACL rule.