1-10
Acl's step is 1
rule 0 deny 06 ff 27
Applying ACL Rules on Ports By applying ACL rules on ports, you can filter packets on the corresponding ports.
Configuration prerequisites
You need to define an ACL before applying it on a port. For information about defining an ACL, refer to
Configuring Basic ACL, Configuring Advanced ACL, Configuring Layer 2 ACL, and Configuring
User-defined ACL.
Configuration procedure
Follow these steps to apply ACL rules on a port:
To do... Use the command... Remarks
Enter system view system-view —
Enter Ethernet port view interface interface-type
interface-number —
Apply ACL rules on the
port
packet-filter { inbound |
outbound } acl-rule
Required
For information about acl-rule, refer
to ACL Commands.
Configuration example
# Apply ACL 2000 on Ethernet 1/0/1 to filter inbound packets.
<Sysname> system-view
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] packet-filter inbound ip-group 2000
Applying ACL rules to Ports in a VLAN By applying ACL rules to ports in a VLAN, you can add filtering of packets on all the ports in the VLAN.
Note:
The ACL rules are only applied to ports that are in the VLAN at the time the packet-filter vlan
command is executed. In other words:
z A port joining the VLAN later will not use the ACL rules for packet filtering.
z A port leaving the VLAN later will keep using the ACL rules for packet filtering.
Configuration prerequisites
Before applying ACL rules to ports in a VLAN, you need to define the related ACLs. For information
about defining an ACL, refer to Configuring Basic ACL, Configuring Advanced ACL, Configuring Layer 2
ACL, and Configuring User-defined ACL.