Applying acl rules to ports in a vlan, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual

1-15

[Sysname-Ethernet1/0/1] packet-filter inbound ip-group 2000

Applying ACL Rules to Ports in a VLAN

By applying ACL rules to ports in a VLAN, you can add filtering of packets on all the ports

in the VLAN.

The ACL rules are only applied to ports that are in the VLAN at the time the packet-filter

vlan command is executed. In other words:

z

A port joining the VLAN later will not use the ACL rules for packet filtering.

z

A port leaving the VLAN later will keep using the ACL rules for packet filtering.

Configuration prerequisites

Before applying ACL rules to ports in a VLAN, you need to define the related ACLs. For

information about defining an ACL, refer to

Configuring Basic ACL

,

Configuring Advanced

ACL

,

Configuring Layer 2 ACL

,

Configuring User-defined ACL

and

Configuring IPv6 ACL

.

Configuration procedure

Follow these steps to apply ACL rules to ports in a VLAN:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Apply ACL rules to ports in
a VLAN

packet-filter vlan vlan-id
{ inbound | outbound }
acl-rule

Required

For information about
acl-rule, refer to ACL
Commands.

Configuration example

# Apply ACL 2000 to all ports of VLAN 1 in the inbound direction to filter packets.

system-view

[Sysname] packet-filter vlan 1 inbound ip-group 2000

Displaying and Maintaining ACL Configuration

To do...

Use the command...

Remarks

Display a configured ACL or
all the ACLs

display acl { all | acl-number }

Available in any
view