Configuring packet filtering with acls – H3C Technologies H3C S6300 Series Switches User Manual
Page 19
9
Step Command
1.
Enter system view.
system-view
2.
Copy an existing ACL to create a new ACL.
acl [ ipv6 ] copy { source-acl-number | name
source-acl-name } to { dest-acl-number | name
dest-acl-name }
Configuring packet filtering with ACLs
This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6 packets
on the specified interface.
NOTE:
The ACL-based packet filter function is available on Layer 2 Ethernet interfaces, VLAN interfaces,
S-channel interfaces, and S-channel aggregate interfaces. For more information about the S-channel, see
EVB Configuration Guide.
Applying an ACL to an interface for packet filtering
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
interface interface-type
interface-number
N/A
3.
Apply an ACL to the interface
to filter packets.
packet-filter [ ipv6 ] { acl-number |
name acl-name } { inbound |
outbound } [ hardware-count ]
By default, an interface does not
filter packets.
You can apply only one ACL to the
same direction of an interface.
Configuring the applicable scope of packet filtering on a VLAN
interface
You can configure the packet filtering on a VLAN interface to filter the following packets:
•
Packets forwarded at Layer 3 by the VLAN interface.
•
All packets, including packets forwarded at Layer 3 by the VLAN interface and packets forwarded
at Layer 2 by the physical ports associated with the VLAN interface.
To configure the applicable scope of packet filtering on a VLAN interface:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create a VLAN interface
and enter its view.
interface vlan-interface
vlan-interface-id
If the VLAN interface already exists,
you directly enter its view.
By default, no VLAN interface exists.