H3C S3100 Series Command Manual page 601

Table 1-5 Combined application of ACLs
Combination mode
Apply all the rules of an ACL that is of IP type
(The ACL can be a basic ACL or an advanced
ACL.)
Apply a rule of an ACL that is of IP type (The
ACL can be a basic ACL or an advanced ACL.)
Apply all the rules of a Layer 2 ACL
Apply a rule of a Layer 2 ACL
Apply all rules of an IPv6 ACL
Apply a rule of an IPv6 ACL
Apply a rule of an ACL that is of IP type and a
rule of a Layer 2 ACL
In Table 1-5:
The ip-group acl-number keyword specifies a basic or an advanced ACL. The acl-number
argument ranges from 2000 to 3999.
The link-group acl-number keyword specifies a Layer 2 ACL. The acl-number argument ranges
from 4000 to 4999.
The user-group acl-number keyword specifies an IPv6 ACL. The acl-number argument ranges
from 5000 to 5999.
The rule rule-id keyword specifies a rule of an ACL. The rule argument ranges from 0 to 65534. If
you do not specify this argument, all the rules of the ACL are applied.
Description
Use the packet-filter command to assign an ACL globally, to a port, or in a port group to filter inbound
packets.
Use the undo packet-filter command to cancel the assignment of an ACL.
Only H3C S3100-EI series switches support this command.
Examples
# Apply all rules of basic ACL 2000 on Ethernet 1/0/1 to filter inbound packets. Here, it is assumed that
the ACL and its rules are already configured.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet1/0/1
[Sysname-Ethernet1/0/1] packet-filter inbound ip-group 2000
[Sysname-Ethernet1/0/1] quit
The acl-rule argument
ip-group acl-number
ip-group acl-number rule rule-id
link-group acl-number
link-group acl-number rule rule-id
user-group acl-number
user-group acl-number rule rule-id
ip-group acl-number rule rule-id link-group
acl-number rule rule-id
1-9