Chapter 53 vlan-acl configuration, 1 introduction to vlan-acl, 2 vlan-acl configuration task list – PLANET WGSW-52040 User Manual

53-1

Chapter 53 VLAN-ACL Configuration

53.1 Introduction to VLAN-ACL

The user can configure ACL policy to VLAN to implement the accessing control of all ports in VLAN, and

VLAN-ACL enables the user to expediently manage the network. The user only needs to configure ACL policy

in VLAN, the corresponding ACL action can takes effect on all member ports of VLAN, but it does not need to

solely configure on each member port.

When VLAN ACL and Port ACL are configured at the same time, it will first match Port ACL due to Port ACL

priority is higher than VLAN-ACL.

VLAN-ACL ingress direction can implement the filtering of the packets, the packets match the specific rules

can be allowed or denied. ACL can support IP ACL, MAC ACL, MAC-IP ACL, IPv6 ACL. Ingress direction of

VLAN can bind four kinds of ACL at the same time.

53.2 VLAN-ACL Configuration Task List

1. Configure VLAN-ACL of IP type

2. Configure VLAN-ACL of MAC type

3. Configure VLAN-ACL of MAC-IP

4. Configure VLAN-ACL of IPv6 type

5. Show configuration and statistic information of VLAN-ACL

6. Clear statistic information of VLAN-ACL

1. Configure VLAN-ACL of IP type

Command

Explanation

Global mode

vacl ip access-group {<1-299> | WORD} {in

| out} [traffic-statistic] vlan WORD

no vacl ip access-group {<1-299> |

WORD} {in | out} vlan WORD

Configure or delete IP VLAN-ACL.

(Egress filtering is not supported by

switch.)

2. Configure VLAN-ACL of MAC type

Command

Explanation