Packet Filtering With Acls - HP A5120 EI Series Configuration Manual

Copying an IPv4 ACL
Follow these steps to copy an IPv4 ACL:
To do...
Enter system view
Copy an existing IPv4 ACL to
create a new IPv4 ACL
Copying an IPv6 ACL
Follow these steps to copy an IPv6 ACL:
To do...
Enter system view
Copy an existing IPv6 ACL to
generate a new one of the same
category

Packet filtering with ACLs

You can apply an ACL to filter incoming or outgoing IPv4 or IPv6 packets.
With a basic or advanced ACL, you can log filtering events by specifying the logging keyword in the ACL
rules and enabling the counting function.
You can set the packet filter to periodically send packet filtering logs to the information center as
informational messages. The interval for generating and outputting packet filtering logs is configurable.
The log information includes the number of matching packets and the ACL rules used in an interval. For
more information about the information center, see the Network Management and Monitoring
Configuration Guide.
NOTE:
ACLs on VLAN interfaces filter only packets forwarded at Layer 3.
Applying an IPv4 ACL for Packet Filtering
Follow these steps to apply an IPv4 ACL for packets filtering:
To do...
Enter system view
Enter Layer 2 Ethernet interface
view or VLAN interface view
Apply an IPv4 ACL to the
interface to filter IPv4 packets
Exit to system view
Use the command...
system-view
acl copy { source-acl-number |
name source-acl-name } to { dest-
acl-number | name dest-acl-name
}
Use the command...
system-view
acl ipv6 copy { source-acl6-number
| name source-acl6-name } to {
dest-acl6-number | name dest-
acl6-name }
Use the command...
system-view
interface interface-type interface-
number
packet-filter { acl-number | name
acl-name } inbound
quit
10
Remarks
—
Required
Remarks
—
Required
Remarks
—
—
Required
By default, no IPv4 ACL is applied
to the interface.
—