Displaying and maintaining acl, Examples for upper-layer software referencing acls – H3C Technologies H3C WX3000 Series Unified Switches User Manual

36-11

Configuration procedure

Follow these steps to apply an ACL to a port:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface

interface-type

interface-number

—

Apply an ACL to the port

packet-filter inbound

acl-rule

Required
For description on the acl-rule argument,
refer to ACL in H3C WX3000 Series
Unified Switches Switching Engine
Command Reference

.

You cannot assign an ACL to a member port of a port group.

Configuration example

# Apply ACL 2000 to GigabitEthernet 1/0/1 to filter the inbound packets.

<device> system-view

[device] interface GigabitEthernet 1/0/1

[device-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000

Displaying and Maintaining ACL

To do…

Use the command…

Remarks

Display a configured ACL or all the ACLs

display

acl { all | acl-number }

Display a time range or all the time ranges

display time-range

{ all |

time-name

}

Display the information about packet filtering

display packet-filter

{ global |

interface interface-type
interface-number | port-group
[ group-id ] | unitid unit-id | vlan
[ vlan-id ] }

Display information about remaining ACL
resources

display acl remaining entry

Available in any
view.

Examples for Upper-layer Software Referencing ACLs

Example for Controlling Telnet Login Users by Source IP

Network requirements

As shown in

Figure 36-1

, apply an ACL to permit users with the source IP address of 10.110.100.52 to

telnet to the switching engine.