Configuring Packet Filtering With Acls; Applying An Acl To An Interface For Packet Filtering; Applying An Acl To A Zone Pair For Packet Filtering; Configuring Logging And Snmp Notifications For Packet Filtering - HP FlexNetwork MSR Series Configuration Manuals

Comware 7 acl and qos

Hide thumbs Also See for FlexNetwork MSR Series:

Configuration manual (392 pages)

Command reference manual (1005 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

page of 159

/ 159
Contents
Table of Contents
Bookmarks

Table of Contents

Configuring packet filtering with ACLs

This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6

packets on the specified interface.

Applying an ACL to an interface for packet filtering

Step

Enter system view.

Enter interface view.

Apply an ACL to the interface

to filter packets.

Applying an ACL to a zone pair for packet filtering

Step

Enter system view.

Enter zone pair view.

Apply an ACL to the zone

pair to filter packets.

Configuring logging and SNMP notifications for packet

filtering

You can configure the ACL module to generate log entries or SNMP notifications for packet filtering

and output them to the information center or SNMP module at the output interval. The log entry or

notification records the number of matching packets and the matched ACL rules. If an ACL is

matched for the first time, the device immediately outputs a log entry or notification to record the

matching packet.

For more information about the information center and SNMP, see Network Management and

Monitoring Configuration Guide.

To configure logging and SNMP notifications for packet filtering:

Step

Enter system view.

Command

system-view

interface

interface-type

interface-number

packet-filter [ ipv6 | mac ]

{ acl-number | name acl-name }

{ inbound | outbound }

Command

system-view

zone-pair

security

source-zone-name

destination

destination-zone-name

packet-filter [ ipv6 ] { acl-number

| name acl-name }

Command

system-view

Remarks

N/A

Layer

interfaces

supported.

By default, an interface does not

filter packets.

You can apply up to 32 ACLs to

the same direction of an interface.

Remarks

N/A

source

N/A

By default, a zone pair does not

filter packets.

You can apply up to 32 ACLs to

the same zone pair.

For more information about zone

pair,

see

Configuration Guide.

Remarks

N/A

are

not

Fundamentals

Table of Contents

Configuring Packet Filtering With Acls; Applying An Acl To An Interface For Packet Filtering; Applying An Acl To A Zone Pair For Packet Filtering; Configuring Logging And Snmp Notifications For Packet Filtering - HP FlexNetwork MSR Series Configuration Manuals

Configuring packet filtering with ACLs

Applying an ACL to an interface for packet filtering

Applying an ACL to a zone pair for packet filtering

Related Manuals for HP FlexNetwork MSR Series

Related Content for HP FlexNetwork MSR Series

Table of Contents