Table of Contents
Advertisement
Step
1.
Enter system view.
2.
Copy an existing IPv4 ACL to create a
new IPv4 ACL.
Copying an IPv6 ACL
Step
1.
Enter system view.
2.
Copy an existing IPv6 ACL to generate a
new one of the same category.
Packet filtering with ACLs
IMPORTANT:
This feature is available only on the HPE 3100 v2 EI switches.
You can use an ACL to filter incoming or outgoing IPv4 or IPv6 packets. You can apply one IPv4 ACL,
one IPv6 AL, and one Ethernet frame header ACL most to filter packets in the same direction of an
interface.
With a basic or advanced ACL, you can log filtering events by specifying the logging keyword in the
ACL rules and enabling the counting function. To enable counting for rule matches performed in
hardware, configure the hardware-count enable command for the ACL or specify the counting
keyword in the ACL rules.
You can set the packet filter to periodically send packet filtering logs to the information center as
informational messages. The interval for generating and outputting packet filtering logs is
configurable. The log information includes the number of matching packets and the ACL rules used
in an interval. For more information about the information center, see Network Management and
Monitoring Configuration Guide.
Applying an IPv4 or Ethernet frame header ACL for packet
filtering
Step
1.
Enter system view.
2.
Enter interface view.
3.
Apply an IPv4 basic, IPv4
advanced, or Ethernet frame
header ACL to the interface
to filter packets.
4.
Exit to system view.
Command
system-view
acl copy { source-acl-number | name source-acl-name } to
{ dest-acl-number | name dest-acl-name }
Command
system-view
acl ipv6 copy { source-acl6-number | name
source-acl6-name } to { dest-acl6-number | name
dest-acl6-name }
Command
system-view
interface interface-type
interface-number
packet-filter { acl-number |
name acl-name } inbound
quit
10
Remarks
N/A
N/A
By default, no ACL is applied to any
interface.
N/A
Advertisement
Table of Contents
