H3C S5500-SI Series Operation Manual page 790

4
ACL Application for Packet Filtering
When applying an ACL for packet filtering, go to these sections for information you are interested in:
Filtering Ethernet Frames
Filtering IPv4 Packets
Filtering IPv6 Packets
ACL Application Example
You can apply an ACL to the inbound direction of an Ethernet interface or VLAN interface to filter
packets:
Applied to an Ethernet interface, an ACL can filter all Ethernet frames, IPv4 packets, and IPv6
packets that are received or to be sent on the interface.
Applied to a VLAN interface, an ACL filters only Layer 3 packets that are needed to be forwarded
through the VLAN interface.
You can edit the rules in an applied ACL, such as add, remove, and modify rules, and the edited rules
take effect immediately.
Filtering Ethernet Frames
Follow these steps to apply an Ethernet frame header ACL to an interface to filter Ethernet frames:
To do...
Enter system view
Enter
interface
view
Apply an Ethernet frame
header ACL to the interface to
filter Ethernet frames
Filtering IPv4 Packets
Follow these steps to apply an IPv4 ACL to an interface to filter IPv4 packets:
To do...
Enter system view
Enter
interface
system-view
Enter Ethernet
interface interface-type
interface-number
interface view
Enter VLAN
interface vlan-interface
interface view vlan-id
packet-filter { acl-number |
name acl-name } inbound
system-view
Enter Ethernet
interface interface-type
interface view interface-number
Use the command...
Use the command...
4-1
Remarks
—
Use either command
Required
By default, an interface does
not filter Ethernet frames.
Remarks
—
Use either command