Assigning an ACL Globally, Assigning an ACL to a VLAN – H3C Technologies H3C WX3000 Series Unified Switches User Manual


• ACLs assigned globally take precedence over those that are assigned to VLANs. That is, when a
packet matches a rule of a globally assigned ACL and a rule of an ACL assigned to a VLAN, the
device will perform the action defined in the rule of the globally assigned ACL if the actions defined
in the two rules conflict.

• When a packet matches a rule of an ACL assigned globally (or assigned to a VLAN) and a rule of
an ACL assigned to a port (or port group), the device will deny the packet if the actions defined in
the two rules conflict.

• ACLs assigned globally or to a VLAN take precedence over the default ACL. However, assigning
ACLs globally or to a VLAN may affect device management that is implemented through Telnet and
so on.
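The three notes above can be checked offline before an ACL is assigned, for example to see whether a management station would still be permitted. The following Python model is an added example, not H3C code; the ACL contents, addresses, first-match rule order and the handling of a port-only match are assumptions made for the sketch.

```python
"""Added example: offline model of the ACL precedence notes (not H3C code)."""
from ipaddress import ip_address, ip_network

# Constructed sample ACLs: ordered (action, source network) rules.
# First-match evaluation and these rule contents are assumptions.
ACLS = {
    2000: [("deny", "10.1.0.0/16")],
    2001: [("permit", "10.1.5.0/24"), ("deny", "0.0.0.0/0")],
}

def match(acl_id, src):
    """Return the action of the first rule matching src, or None."""
    if acl_id is None:
        return None
    for action, net in ACLS[acl_id]:
        if ip_address(src) in ip_network(net):
            return action
    return None

def effective_action(src, global_acl=None, vlan_acl=None, port_acl=None):
    """Resolve the action for one inbound packet according to the notes.

    Returns (action, reason). action is None when no assigned ACL matches
    and the default ACL, which is not modelled here, decides.
    """
    g, v, p = (match(a, src) for a in (global_acl, vlan_acl, port_acl))
    # Note 1: a matching global rule wins over a matching VLAN rule.
    upper, level = (g, "global") if g is not None else (v, "VLAN")
    if upper is None:
        # Assumption: a port-level match alone yields its own action.
        return (p, "port ACL only") if p is not None else (None, "default ACL")
    # Note 2: a conflict between global/VLAN and port rules means deny.
    if p is not None and p != upper:
        return "deny", f"{level} and port rules conflict"
    return upper, f"{level} ACL"

if __name__ == "__main__":
    mgmt = "10.1.5.9"  # constructed address of a Telnet management station
    for kw in ({"vlan_acl": 2001},
               {"global_acl": 2000, "vlan_acl": 2001},
               {"vlan_acl": 2001, "port_acl": 2000}):
        print(kw, "->", effective_action(mgmt, **kw))
```

In the second case the VLAN ACL permits the management station, but the globally assigned ACL denies it and wins, which is the management lockout the third note warns about.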

Assigning an ACL Globally

Configuration prerequisites

Before assigning an ACL globally, you need to define the related ACLs. For information about
defining an ACL, refer to Configuring Basic ACL, Configuring Advanced ACL, Configuring Layer 2 ACL.

Configuration procedure

Follow these steps to assign an ACL globally:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Assign an ACL globally | packet-filter inbound acl-rule | Required. For description on the acl-rule argument, refer to ACL in H3C WX3000 Series Unified Switches Switching Engine Command Reference. |

Configuration example

# Apply ACL 2000 globally to filter the inbound packets on all the ports.

<device> system-view

[device] packet-filter inbound ip-group 2000

Assigning an ACL to a VLAN

Configuration prerequisites

Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about
defining an ACL, refer to Configuring Basic ACL, Configuring Advanced ACL, Configuring Layer 2 ACL.

Configuration procedure

Follow these steps to assign an ACL to a VLAN:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
