Configuring packet filtering with acls – H3C Technologies H3C S6300 Series Switches User Manual

9

Step Command

1.

Enter system view.

system-view

2.

Copy an existing ACL to create a new ACL.

acl [ ipv6 ] copy { source-acl-number | name
source-acl-name } to { dest-acl-number | name

dest-acl-name }

Configuring packet filtering with ACLs

This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6 packets

on the specified interface.

NOTE:

The ACL-based packet filter function is available on Layer 2 Ethernet interfaces, VLAN interfaces,
S-channel interfaces, and S-channel aggregate interfaces. For more information about the S-channel, see

EVB Configuration Guide.

Applying an ACL to an interface for packet filtering

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

N/A

3.

Apply an ACL to the interface
to filter packets.

packet-filter [ ipv6 ] { acl-number |
name acl-name } { inbound |

outbound } [ hardware-count ]

By default, an interface does not
filter packets.
You can apply only one ACL to the
same direction of an interface.

Configuring the applicable scope of packet filtering on a VLAN
interface

You can configure the packet filtering on a VLAN interface to filter the following packets:

•

Packets forwarded at Layer 3 by the VLAN interface.

•

All packets, including packets forwarded at Layer 3 by the VLAN interface and packets forwarded
at Layer 2 by the physical ports associated with the VLAN interface.

To configure the applicable scope of packet filtering on a VLAN interface:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a VLAN interface
and enter its view.

interface vlan-interface
vlan-interface-id

If the VLAN interface already exists,
you directly enter its view.
By default, no VLAN interface exists.