Assigning an ACL to a Port

Configuration prerequisites

Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about defining an ACL, refer to Configuring Basic ACL, Configuring Advanced ACL, Configuring Layer 2 ACL.

Configuration procedure

Follow these steps to apply an ACL to a port:

 

To do…

Use the command…

Remarks

 

 

Enter system view

system-view

 

 

 

 

 

 

 

Enter Ethernet port view

interface interface-type

 

 

interface-number

 

 

 

 

 

 

 

 

 

 

 

 

 

Required

 

 

Apply an ACL to the port

packet-filter inbound acl-rule

For description on the acl-rule

 

 

 

 

argument, refer to ACL Command.

 

 

 

 

 

 

You cannot assign an ACL to a member port of a port group.

Configuration example

# Apply ACL 2000 to GigabitEthernet 1/0/1 to filter the inbound packets.

<device> system-view

[device] interface GigabitEthernet 1/0/1

[device-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000

Displaying and Maintaining ACL

 

To do…

Use the command…

Remarks

 

Display a configured ACL or all the ACLs

display acl { all acl-number}

 

 

 

 

 

 

Display a time range or all the time ranges

display time-range { all

 

 

time-name }

 

 

 

 

 

 

 

 

 

 

display packet-filter { global

Available in

 

 

interface interface-type

 

Display the information about packet filtering

any view.

 

interface-number port-group

 

 

 

 

[ group-id ] unitid unit-id vlan

 

 

 

[ vlan-id ] }

 

 

 

 

 

 

Display information about remaining ACL

display acl remaining entry

 

 

resources

 

 

 

 

 

 

 

 

1-11

Page 354
Image 354
3Com WX3000 operation manual Displaying and Maintaining ACL, Assigning an ACL to a Port