H3C S9500 Series Operating Manual page 61

Operation Manual – QoS
H3C S9500 Series Routing Switches
Enter ACL view
Define the rule of
reflexive ACL
Exit ACL view
Enter VLAN view
Configure reflexive
ACL
Exit VLAN view
Enter Ethernet port
view
Configure packet
redirection to redirect
the packet on the
specified port to the
service processing
board
To do...
acl { number acl-number |
name acl-name [ advanced |
basic ] } [ match-order
{ config | auto } ]
rule [ rule-id ] { permit |
deny } { icmp | tcp | udp }
[ packet-level { bridge |
route } | source
{ source-addr wildcard | any }
| destination { dest-addr
wildcard | any } | icmp-type
type code | source-port
operator port1 [ port2 ] |
destination-port operator
port1 [ port2 ] ] * reflective
[ time-range name ]
quit
vlan vlan-id
packet-filter outbound
ip-group { acl-number |
acl-name } [ rule rule
[ system-index index ] ] slot
slot-id
quit
interface interface-type
interface-number
traffic-redirect inbound
ip-group { acl-number |
acl-name } rule rule
link-group { acl-number |
acl-name } [ rule rule ] slot
slot-id designated-vlan
vlanid [ join-vlan ]
Or
traffic-redirect inbound
ip-group { acl-number |
acl-name } link-group
{ acl-number | acl-name }
rule rule slot slot-id
designated-vlan vlanid
[ join-vlan ]
Use the command...
6-4
Chapter 6 EACL Configuration
Remarks
Required
Create the rule used for
reflexive ACL. This
function does not support
Layer-2 ACL
The rule with reflective is
used for the reflexive ACL
—
You need to configure the
VLAN where the reflexive
ACL port resides.
Required
Deliver the ACL rule with
reflective to the VLAN
—
Required
Enter Ethernet port view
of the ACL to be
configured
Required
"slotid" indicates the
number of the slot where
the service processing
board resides. Currently
the service processing
board does not support
multicast. You can use
ACL to limit redirection of
multicast packets.