Configuration example, Applying acl rules on ports, Configuration prerequisites – H3C Technologies H3C S3600 Series Switches User Manual

1-14

IPv6 ACLs do not match IPv6 packets with extension headers.

Configuration example

# Configure an rule for IPv6 ACL 5000, denying packets from 3001::1/64 to 3002::1/64.

system-view

[Sysname] acl number 5000

[Sysname-acl-user-5000] rule deny src-ip 3001::1 64 dest-ip 3002::1 64

# Display the configuration information of ACL 5000.

[Sysname-acl-user-5000] display acl 5000

User defined ACL 5000, 1 rule

Acl's step is 1

rule 0 deny src-ip 3001::1 64 dest-ip 3002::1 64

Applying ACL Rules on Ports

By applying ACL rules on ports, you can filter packets on the corresponding ports.

Configuration prerequisites

You need to define an ACL before applying it on a port. For information about defining an

ACL, refer to

Configuring Basic ACL

,

Configuring Advanced ACL

,

Configuring Layer 2

ACL

,

Configuring User-defined ACL

and

Configuring IPv6 ACL

.

Configuration procedure

Follow these steps to apply an ACL on a port:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enter Ethernet port
view

interface interface-type
interface-number

—

Apply ACL rules on
the port

packet-filter { inbound |
outbound } acl-rule

Required

For information about acl-rule,
refer to ACL Commands.

Configuration example

# Apply ACL 2000 on Ethernet 1/0/1 to filter inbound packets.

system-view

[Sysname] interface Ethernet 1/0/1