To successfully copy an ACL, make sure that:
•
The destination ACL number is from the same category as the source ACL number.
The source ACL already exists but the destination ACL does not.
•
Copying an IPv4 ACL
Step
1.
Enter system view.
2.
Copy an existing IPv4 ACL to create a
new IPv4 ACL.
Copying an IPv6 ACL
Step
1.
Enter system view.
2.
Copy an existing IPv6 ACL to generate a
new one of the same category.
Packet filtering with ACLs
You can use an ACL to filter incoming or outgoing IPv4 or IPv6 packets. You can apply one IPv4 ACL, one
IPv6 AL, and one Ethernet frame header ACL most to filter packets in the same direction of an interface.
NOTE:
ACLs on VLAN interfaces filter only packets forwarded at Layer 3.
Applying an IPv4 or Ethernet frame header ACL for packet
filtering
Step
1.
Enter system view.
2.
Enter interface view.
3.
Apply an IPv4 basic, IPv4
advanced, or Ethernet frame
header ACL to the interface to
filter packets.
Applying an IPv6 ACL for packet filtering
Command
system-view
acl copy { source-acl-number | name source-acl-name } to
{ dest-acl-number | name dest-acl-name }
Command
system-view
acl ipv6 copy { source-acl6-number | name
source-acl6-name } to { dest-acl6-number | name
dest-acl6-name }
Command
system-view
interface interface-type
interface-number
packet-filter { acl-number |
name acl-name } { inbound
| outbound }
10
Remarks
N/A
N/A
By default, no ACL is applied to any
interface.