Packet-Filter Vlan - H3C S3100 Series Command Manual

# Apply rule 1 of advanced ACL 3000 and rule 2 of Layer 2 ACL 4000 on Ethernet 1/0/4 to filter inbound
packets. Here, it is assumed that the ACLs and their rules are already configured.
[Sysname] interface Ethernet 1/0/4
[Sysname-Ethernet1/0/4] packet-filter inbound ip-group 3000 rule 1 link-group 4000 rule 2
After completing the above configuration, you can use the display packet-filter command to view
information about packet filtering.

packet-filter vlan

Syntax
packet-filter vlan vlan-id inbound acl-rule
undo packet-filter vlan vlan-id inbound acl-rule
View
System view
Parameters
vlan-id: VLAN ID.
inbound: Specifies to filter packets received by the ports in the VLAN.
acl-rule: ACL rules to be applied, which can be a combination of the rules of multiple ACLs, as described
in Table 1-5.
Description
Use the packet-filter vlan command to apply ACL rules to a VLAN to filter packets.
Use the undo packet-filter vlan command to remove the application of ACL rules to a VLAN.
When you need to apply an ACL to all ports in a VLAN, you can use the packet-filter vlan command to
achieve the goal in one operation.
Only H3C S3100-EI series switches support this command.
An ACL assigned to a VLAN takes effect only for the packets tagged with 802.1Q header. For more
information about 802.1Q header, refer to the VLAN part.
Examples
# Apply all rules of basic ACL 2000 to VLAN 10 to make all ports in VLAN 10 filter inbound packets. Here,
it is assumed that the ACL and its rules and the VLAN are already configured.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] packet-filter vlan 10 inbound ip-group 2000
After completing the above configuration, you can use the display packet-filter command to view
information about packet filtering.
1-10