Copying an ipv4 acl, Copying an ipv6 acl, Applying an ipv6 acl for packet filtering – H3C Technologies H3C S10500 Series Switches User Manual

Page 18: Packet filtering with acls

Advertising
background image

10

To successfully copy an ACL, make sure that:

The destination ACL number is from the same category as the source ACL number.

The source ACL already exists but the destination ACL does not.

Copying an IPv4 ACL

Follow these steps to copy an IPv4 ACL:

To do…

Use the command…

Remarks

Enter system view

system-view

Copy an existing IPv4 ACL to
create a new IPv4 ACL

acl copy { source-acl-number | name
source-acl-name } to { dest-acl-number | name

dest-acl-name }

Required

Copying an IPv6 ACL

Follow these steps to copy an IPv6 ACL:

To do…

Use the command…

Remarks

Enter system view

system-view

Copy an existing IPv6 ACL to
generate a new one of the same

category

acl ipv6 copy { source-acl6-number | name
source-acl6-name } to { dest-acl6-number |

name dest-acl6-name }

Required

Packet filtering with ACLs

You can use an ACL to filter incoming or outgoing IPv4 or IPv6 packets. You can apply one IPv4 ACL, one

IPv6 AL, and one Ethernet frame header ACL most to filter packets in the same direction of an interface.

NOTE:

ACLs on VLAN interfaces filter only packets forwarded at Layer 3.

The term interface in the packet filtering feature refers to VLAN interfaces, bridge mode (Layer 2) and
route mode (Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the
port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

Applying an IPv4 or Ethernet frame header ACL for packet filtering

Follow these steps to apply an IPv4 or Ethernet frame header ACL for packet filtering:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter interface view

interface interface-type
interface-number

Apply an IPv4 basic, IPv4
advanced, or Ethernet frame

header ACL to the interface to filter
packets

packet-filter { acl-number |
name acl-name } { inbound

| outbound }

Required
By default, no ACL is applied to any
interface.

Applying an IPv6 ACL for packet filtering

Follow these steps to apply an IPv6 ACL for packet filtering:

Advertising
This manual is related to the following products:

H3C S5800 Series Switches, H3C S5820X Series Switches

Popular Brands
Popular manuals