H3C Technologies H3C S12500 Series Switches User Manual

Step 4. Apply an IPv4 basic, IPv4 advanced, Ethernet frame header, or user-defined ACL to the interface to filter packets.
Command: packet-filter { acl-number | name acl-name } { inbound | outbound }
Remarks:
By default, no ACL is applied to any interface.
On a VLAN interface:
• The inbound packet filter handles only Layer 3 unicast packets.
• If the packet-filter forwarding-layer route outbound command is configured, the outbound packet filter handles only Layer 3 unicast packets; if not, the outbound packet filter handles all packets.
When EB or EC2 cards are operating in standard ACL mode, the interfaces on these cards do not support applying a user-defined ACL to filter packets.
On an Ethernet interface, the packet filter handles all packets.
Do not have multiple users configure the packet-filter command at the same time. Otherwise, the configuration might fail.

Step 5. Exit to system view.
Command: quit
Remarks: N/A

Step 6. Set the interval for generating and outputting IPv4 packet filtering logs.
Command: acl logging frequence frequence
Remarks: By default, the interval is 0. No IPv4 packet filtering logs are generated.

The rule you add to an ACL that has been used by a packet filter cannot take effect if hardware resources
are insufficient or the packet filter does not support the rule. Such rules are marked as uncompleted in the
output from the display acl { acl-number | all | name acl-name } slot slot-number command. To
successfully apply the rule, you must delete the rule and reconfigure it when hardware resources are
sufficient.
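
An added example, not part of the manual: a Python check that scans saved output of the display acl command for rules marked uncompleted, so that rules that are configured but not enforced by the packet filter are caught during an audit. Only the uncompleted marker comes from the text above; the sample output, its layout, and all names in the script are constructed assumptions to adjust to the real output.

```python
import re

# Constructed sample of saved "display acl all slot 2" output. The header and
# rule line layout is an assumption for illustration, not captured from a switch.
SAMPLE_OUTPUT = """\
Advanced ACL  3000, named -none-, 3 rules,
ACL's step is 5
 rule 0 permit tcp destination-port eq 22 (12 times matched)
 rule 5 deny ip source 10.1.1.0 0.0.0.255 (uncompleted)
 rule 10 deny udp destination-port eq 161
Basic ACL  2001, named mgmt, 2 rules,
ACL's step is 5
 rule 0 permit source 192.0.2.10 0
 rule 5 deny (uncompleted)
"""

ACL_HEADER = re.compile(r"^\w+ ACL\s+(\d+), named (\S+?),", re.I)
RULE_LINE = re.compile(r"^\s*rule\s+(\d+)\s+(permit|deny)\b", re.I)
UNCOMPLETED = re.compile(r"\s*\(?\buncompleted\b\)?", re.I)


def find_uncompleted_rules(display_output):
    """Return (acl_number, rule_id, action, rule_text) for each uncompleted rule."""
    findings = []
    acl_number = None  # ACL whose rule lines are currently being read
    for line in display_output.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            acl_number = int(header.group(1))
            continue
        rule = RULE_LINE.match(line)
        if rule is None or acl_number is None:
            continue  # not a rule line, or a rule with no ACL header before it
        if UNCOMPLETED.search(line):
            text = UNCOMPLETED.sub("", line).strip()
            findings.append(
                (acl_number, int(rule.group(1)), rule.group(2).lower(), text)
            )
    return findings


if __name__ == "__main__":
    for acl, rule_id, action, text in find_uncompleted_rules(SAMPLE_OUTPUT):
        # An uncompleted deny rule means traffic it should block is not filtered.
        print(f"ACL {acl} rule {rule_id} ({action}) is not in effect: {text}")
```

Each reported rule has to be deleted and reconfigured once hardware resources are sufficient, as described above.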
Follow these guidelines when you configure a packet filter on a VLAN interface:
• Use the undo packet-filter command to remove the packet filter from the VLAN interface if the ACL application fails on an interface card, for example, because of hardware resource insufficiency. The switch applies the packet filter configured on a VLAN interface to the main processing unit and all interface cards. When an application failure occurs on an interface card, the switch cannot automatically remove the ACL that has been applied to the main processing unit or any other interface card.
• You must also use the undo packet-filter command to remove the packet filter if the switch fails to update the packet filter on an interface card after you edit the ACL rules. If you do not remove the packet filter, the old ACL rules continue to take effect and the display packet-filter command shows the initial ACL application status.