Activating An Acl - H3C S9500 Series Operation Manual

Routing switches

Hide thumbs Also See for S9500 Series:

Command manual (1842 pages)

Operation manual (1014 pages)

Operating manual (76 pages)

Table of Contents

Operation Manual – ACL

H3C S9500 Series Routing Switches

Define an ACL rule (in

Layer 2 ACL view)

Remove an ACL rule (in

Layer 2 ACL view)

Remove an ACL or all the

ACLs (in system view)

1.2.5 Activating an ACL

After defining an ACL, you must activate it for it to take effect. This configuration

activates those ACLs to filter or classify the packets forwarded by hardware.

For interface cards, perform the following configurations in Ethernet port view to

activate/deactivate an ACL:

Activate IP group ACL

Deactivate IP group ACL

Activate IP group ACL and

link group ACL at same time

Deactivate IP group ACL

and link group ACL at same

Activate link group ACL

Deactivate link group ACL

For service processor cards, perform the following configurations in VLAN view to

activate ACL:

rule [ rule-id ] { permit | deny } [ packet-level { bridge |

route } | cos cos-value | c-tag-cos c-cos-value | exp

exp-value | protocol-type | mac-type

{ any-broadcast-packet | arp-broadcast-packet |

non-arp-broadcast-packet | { { unicast-packet |

multicast-packet } [ known | unknown ] } } | ingress

{ { source-vlan-id [ to source-vlan-id-end ] |

source-mac-addr source-mac-wildcard | c-tag-vlan

c-tag-vlan } * | any } | egress { dest-mac-addr

dest-mac-wildcard | any } | s-tag-vlan s-tag-vlanid |

time-range name ] *

undo rule rule-id

undo acl { number acl-number | name acl-name | all }

Use the command...

packet-filter inbound ip-group { acl-number |

acl-name } [ rule rule [ system-index index ] ]

undo packet-filter inbound ip-group { acl-number |

acl-name } [ rule rule ]

packet-filter inbound ip-group { acl-number |

acl-name } { rule rule link-group { acl-number |

acl-name } [ rule rule [ system-index index ] ] |

link-group { acl-number | acl-name } rule rule }

undo packet-filter inbound ip-group { acl-number |

acl-name } { rule rule link-group { acl-number |

acl-name } [ rule rule ] | link-group { acl-number |

acl-name } rule rule }

packet-filter inbound link-group { acl-number |

acl-name } [ rule rule [ system-index index ] ]

undo packet-filter inbound link-group

{ acl-number | acl-name } [ rule rule ]

Chapter 1 ACL Configuration

Chapters

Table of Contents

Activating An Acl - H3C S9500 Series Operation Manual

1.2.5 Activating an ACL

Chapters

Troubleshooting

Related Manuals for H3C S9500 Series

Related Content for H3C S9500 Series

Table of Contents