Applying an ipv4 acl for packet filtering, Configuration restrictions and guidelines, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

Applying an IPv4 ACL for packet filtering

Configuration restrictions and guidelines

When you use the packet-filter forwarding-layer route outbound command or its undo form to specify the outbound packet filter on a VLAN interface to filter only Layer 3 unicast packets or all packets, follow these guidelines:

The packet-filter forwarding-layer route outbound command is available only for Ethernet interface cards.

The packet-filter forwarding-layer route outbound or its undo form must be configured before the packet-filter { acl-number | name acl-name } outbound command. If you have configured the packet-filter { acl-number | name acl-name } outbound command on a VLAN interface, you must remove the packet filter setting, configure the packet-filter forwarding-layer route outbound or its undo form, and then re-configure the packet-filter { acl-number | name acl-name } outbound command on the VLAN interface.

The packet-filter forwarding-layer route outbound command can cause the switch to discard BFD packets. To avoid this problem, configure an advanced ACL rule by using the rule [ rule-id ] permit udp destination-port range 3784 3785 command to permit BFD packets.

In IRF mode, the packet-filter forwarding-layer route outbound command can cause the switch to discard sFlow packets. To avoid this problem, configure an advanced ACL rule by using the rule [ rule-id ] permit udp destination-port range eq udp-port command to permit sFlow packets. The udp-port is the port number of the sFlow collector and defaults to 6343. For information about sFlow, see Network Management and Monitoring Configuration Guide.
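An added example, not from the H3C manual: a small Python check that lints a planned change script against the ordering, BFD and sFlow guidelines above. The `acl number`, `quit` and `Vlan-interface` lines in the constructed sample are assumed Comware syntax, and the function name `lint` and its `sflow_port` parameter are hypothetical.

```python
import re

# Constructed change script (not from the manual). "acl number", "quit" and
# "Vlan-interface" are assumed Comware syntax; only numbered ACLs are handled.
SAMPLE = """\
acl number 3001
 rule 0 permit udp destination-port range 3784 3785
 quit
acl number 3002
 rule 0 permit udp destination-port eq 6343
 quit
interface Vlan-interface 10
 packet-filter 3002 outbound
 quit
packet-filter forwarding-layer route outbound
interface Vlan-interface 20
 packet-filter 3001 outbound
"""
RULE = re.compile(r"rule( \d+)? permit udp destination-port (range (\d+) (\d+)|eq (\d+))")

def lint(script, sflow_port=None):
    """Return (guideline, interface, acl) findings. Set sflow_port only in IRF mode.
    Simplification: checks that a permit rule exists, not rule ordering."""
    permits, applied, findings = {}, [], []
    acl = iface = route_at = None
    for n, line in enumerate(map(str.strip, script.splitlines()), 1):
        if m := re.fullmatch(r"acl number (\d+)", line):
            acl, iface = m[1], None
        elif m := re.fullmatch(r"interface (.+)", line):
            acl, iface = None, m[1]
        elif line == "quit":
            acl = iface = None
        elif acl and (m := RULE.fullmatch(line)):
            lo, hi = (m[3], m[4]) if m[3] else (m[5], m[5])
            permits.setdefault(acl, []).append((int(lo), int(hi)))
        elif line == "packet-filter forwarding-layer route outbound":
            route_at = n
        elif iface and (m := re.fullmatch(r"packet-filter (\d+) outbound", line)):
            if iface.lower().startswith("vlan-interface"):
                applied.append((n, iface, m[1]))
    if route_at is None:          # guidelines only apply with routed-only filtering
        return findings
    needed = [("BFD", 3784, 3785)] + ([("sFlow", sflow_port, sflow_port)] if sflow_port else [])
    for n, iface, a in applied:
        if n < route_at:          # filter was applied before the mode command
            findings.append(("ORDER", iface, a))
        findings += [(name, iface, a) for name, lo, hi in needed
                     if not any(p0 <= lo and hi <= p1 for p0, p1 in permits.get(a, []))]
    return findings
```

On the sample, `lint(SAMPLE)` flags Vlan-interface 10 for both the ordering guideline and the missing BFD permit in ACL 3002.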

Configuration procedure

To apply an IPv4 ACL for packet filtering:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Set the outbound packet filters on VLAN interfaces to filter only Layer 3 (routed) unicast packets. | packet-filter forwarding-layer route outbound | Optional. By default, an outbound IPv4 packet filter filters all packets, including Layer 2 (switched) packets, on a VLAN interface. When EB or EC2 cards are operating in standard ACL mode, the cards do not support this function. |
| 3. Enter interface view. | interface interface-type interface-number | N/A |
