Chapter 51 vlan-acl configuration, 1 introduction to vlan-acl, 2 vlan-acl configuration task list – QTECH QSW-3400 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

385

Chapter 51 VLAN-ACL Configuration

51.1 Introduction to VLAN-ACL

The user can configure ACL policy to VLAN to implement the accessing control of all ports in

VLAN, and VLAN-ACL enables the user to expediently manage the network. The user only

needs to configure ACL policy in VLAN, the corresponding ACL action can takes effect on all

member ports of VLAN, but it does not need to solely configure on each member port.

When VLAN ACL and Port ACL are configured at the same time, it will first match Port ACL

due to Port ACL priority is higher than VLAN-ACL.

VLAN-ACL ingress direction can implement the filtering of the packets, the packets match the

specific rules can be allowed or denied. ACL can support IP ACL, MAC ACL, MAC-IP ACL,

IPv6 ACL. Ingress direction of VLAN can bind four kinds of ACL at the same time.

51.2 VLAN-ACL Configuration Task List

1. Configure VLAN-ACL of IP type

2. Configure VLAN-ACL of MAC type

3. Configure VLAN-ACL of MAC-IP

4. Configure VLAN-ACL of IPv6 type

5. Show configuration and statistic information of VLAN-ACL

6. Clear statistic information of VLAN-ACL

1. Configure VLAN-ACL of IP type

Command

Explanation

Global mode

vacl ip access-group {<1-299> | WORD} {in |

out} [traffic-statistic] vlan WORD

no vacl ip access-group {<1-299> | WORD}

{in | out} vlan WORD

Configure or delete IP VLAN-ACL. (Egress

filtering is not supported by switch.)

2. Configure VLAN-ACL of MAC type

Command

Explanation

Global mode

vacl mac access-group {<700-1199> | WORD}

{in | out} [traffic-statistic] vlan WORD

Configure or delete MAC VLAN-ACL.

(Egress filtering is not supported by switch.)