Displaying And Debugging Acl Configurations - H3C S9500 Series Operation Manual

Operation Manual – QoS/ACL
H3C S9500 Series Routing Switches
Table 1-13 Activate ACL
Activate ip group ACL
Deactivate ip group ACL
Caution:
The syntax of the QoS/ACL command used for service processor cards
(LSB1NATB0 cards in the context of this document) is somewhat different from that
for interface cards. Refer to related description in the manual.
Before executing the packet-filter command on a service processor card, you must
first configure traffic redirection in Ethernet port view to redirect the packets of a
specific VLAN to the service processor card.
Service processor cards do not support Layer 2 ACL.
system-index index here is the system index for an ACL rule. When delivering a rule,
the system assigns a globally unique index to it, for convenience of later retrieval. You
can also assign a system index for it when delivering an ACL rule with this command.
However, you are not recommended to assign a system index if not urgently necessary.
Note:
If you remove the card with QoS/ACL configured when the system operates, the
corresponding system index value is automatically released and is then used for a
newly delivered flow rule. Once the system index value is occupied, the original
configuration cannot be restored even you insert the removed card back.

1.3 Displaying and Debugging ACL Configurations

After these configurations are completed, you can use the display command in any
view to view ACL running to check configuration result. You can clear ACL statistics
using the display command in user view.
Operation
packet-filter inbound ip-group { acl-number |
acl-name } [ rule rule] [ system-index index] slot slotid
undo packet-filter inbound ip-group { acl-number |
acl-name } [ rule rule ] slot slotid
Command
1-12
Chapter 1 ACL Configuration