Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Huawei Technologies Proprietary
1-34
Table 1-16 Combined Mode of ACL
Combined Mode Value
All rules in IP ACL ip-group { acl-number | acl-name }
Only one rule in IP ACL ip-group { acl-number | acl-name } rule rule
All rules in Link ACL link-group { acl-number | acl-name }
Only one rule in Link ACL link-group { acl-number | acl-name } rule rule
All rules in IP ACL and
one rule in Link ACL
ip-group { acl-number | acl-name } link-group
{ acl-number | acl-name } rule rule
One rule in IP ACL and
one rule in Link ACL
ip-group { acl-number | acl-name } rule rule link-group
{ acl-number | acl-name } rule rule
One rule in IP ACL and
all rules in Link ACL
ip-group { acl-number | acl-name } rule rule link-group
{ acl-number | acl-name }
z ip-group { acl-number | acl-name }:activate the IP ACLs. IP ACLs include basic,
advanced ACLs. acl-number: Specifies the ACL number, ranging from 2000 to
3999. acl-name: Specifies the ACL name with a character string started with
English letters (that is [a to z, A to Z]), excluding space and quotation marks.
z link-group { acl-number | acl-name }: activate the L2 ACL. acl-number: Specifies
the ACL number, ranging from 4000 to 4999. acl-name: Specifies the ACL name
with a character string started with English letters (that is [a to z, A to Z]), excluding
space and quotation marks.
z rule rule: Specifies the rule in the ACL to be activated, ranging from 0 to 127. If it is
not specified, all the rules in the ACL will be activated.
interface { interface-list | all }: Activate the ACL on specified interface.
Description
Using packet-filter command, you can activate the ACL. Using undo packet-filter
command, you can disable the ACL.
This command supports activating the Layer-2 and Layer-3 ACLs. However the actions
of the ACLs should be consistent. If the actions conflict (one is permit and the other is
deny), they cannot be activated.
Example
# Activate ACL 2000 on Ethernet0/1.
[Quidway-Ethernet0/1] packet-filter ip-group 2000
To Next Page
Loading...
Need help?
General
