Operation Manual - QoS/ACL 
Quidway S3500 Series Ethernet Switches  Chapter 1  ACL Configuration
 
III. Defining the Layer-2 ACL 
Layer-2 ACL rules are defined on Layer-2 information, such as the source MAC address, 
source VLAN ID, Layer-2 protocol type, the Layer-2 ports receiving and forwarding the 
packet, and the destination MAC address, and are used to process data packets.  
You can use the following command to define the numbered Layer-2 ACL.  
Perform the following configuration in the corresponding view.  
Table 1-7 Defining the Layer-2 ACL 
Operation: Enter Layer-2 ACL view (from system view) 
Command:   acl { number acl-number | name acl-name link } [ match-order { config | auto } ] 

Operation: Add a sub-item to the ACL (from Layer-2 ACL view) 
Command:   rule [ rule-id ] { permit | deny } [ ingress { { source-vlan-id | source-mac-addr | interface { interface-name | interface-type interface-num } }* | any } ] [ egress { { destination-vlan-id | dest-mac-addr | interface { interface-name | interface-type interface-num } }* | any } ] [ time-range name ] 

Operation: Delete a sub-item from the ACL (from Layer-2 ACL view) 
Command:   undo rule rule-id 

Operation: Delete one ACL or all ACLs (from system view) 
Command:   undo acl { number acl-number | name acl-name | all } 
 
Layer-2 ACL can be identified with numbers ranging from 4000 to 4999.  
The interface keyword in the above command specifies a Layer-2 interface, such as an 
Ethernet port of the switch.  
1.2.3  Activating ACL 
A defined ACL takes effect only after it is activated globally on the switch. Activation 
puts the ACL into use for filtering or classifying the data transmitted by the switch 
hardware.  
You can use the following command to activate the defined ACL.  
Perform the following configuration in system view.  
Table 1-8 Activating ACL 
Operation: Activate an ACL 
Command:   packet-filter { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } 

Operation: Deactivate an ACL 
Command:   undo packet-filter { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }
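
Because a defined ACL filters nothing until packet-filter activates it, a useful audit is to replay a command sequence and list the Layer-2 ACLs that were defined but left inactive, plus any link-group activation that names an ACL never defined. The Python below is an added example, not part of the Huawei manual. Assumptions: the sample command sequence is constructed, undo packet-filter with a rule removes that one activation and without a rule removes all of them, and deletions with undo acl are not modelled.

```python
import re

L2_NUMBERS = range(4000, 5000)  # page: Layer-2 ACLs are numbered 4000 to 4999
ACL_DEF = re.compile(r"^acl\s+(?:number\s+(\d+)|name\s+(\S+)\s+link)\b")
FILTER = re.compile(
    r"^(undo\s+)?packet-filter\s+link-group\s+(\S+)(?:\s+rule\s+(\S+))?\s*$")

# Constructed sample: a command sequence in the forms of Tables 1-7 and 1-8.
SAMPLE = """\
acl number 4000
 rule 1 deny ingress any egress any
acl name guest-l2 link
 rule 1 permit ingress any egress any
acl number 4001 match-order auto
 rule 1 deny ingress any egress any
acl number 4002
 rule 1 deny ingress any egress any
packet-filter link-group 4000
packet-filter link-group guest-l2 rule 1
packet-filter link-group 4001
undo packet-filter link-group 4001
packet-filter link-group 4100
"""

def audit_l2_acls(commands: str) -> dict:
    """Replay the commands and report Layer-2 ACLs that filter nothing."""
    defined, active = set(), {}          # active: ACL id -> activated rules
    for line in map(str.strip, commands.splitlines()):
        if m := ACL_DEF.match(line):
            number, name = m.groups()
            if name or int(number) in L2_NUMBERS:
                defined.add(name or number)
        elif m := FILTER.match(line):
            undo, acl, rule = m.groups()
            rules = active.setdefault(acl, set())
            if not undo:
                rules.add(rule or "*")   # "*" = whole ACL activated
            elif rule:
                rules.discard(rule)      # assumption: undoes that one rule
            else:
                rules.clear()            # assumption: undoes the whole ACL
    live = {acl for acl, rules in active.items() if rules}
    return {"defined_not_active": sorted(defined - live),
            "active_not_defined": sorted(live - defined)}

if __name__ == "__main__":
    for finding, acls in audit_l2_acls(SAMPLE).items():
        print(f"{finding}: {', '.join(acls) or 'none'}")
```
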