19 VLAN-ACL CONFIGURATION COMMANDS

VLAN-ACL Configuration Commands
The VLAN-ACL configuration is subject to the following limitations:
1 Limitations on flow templates:
■ The system applies a VLAN-ACL only to ports that have the default flow template applied. The fields of the applied ACL rule must be specified by the default flow template.
■ If no port in a VLAN has ACL rules applied, the system checks all ports in the VLAN when you apply an ACL rule in VLAN view, and prohibits the ACL rule from being applied if any port in the VLAN has a customized flow template applied.
■ If a VLAN-ACL is applied to some of the ports in a VLAN, a port with a customized flow template applied can still be added to the VLAN, but the system will fail to apply the VLAN-ACL to the newly added port. That is, the VLAN-ACL applied in VLAN view covers all the ports in the VLAN except the newly added one. However, when the self-defined flow template is deleted from the port, the system automatically applies the QACL rules in the VLAN to the new port.
■ You will fail to apply a self-defined (customized) flow template to a port that already has a VLAN-ACL applied.
2 If both a VLAN and one of its ports have QACL rules applied, only those applied to the port work. In this case, the VLAN-ACL takes effect only after the QACL rules applied to the port are removed and the flow template applied to the port changes to the default flow template.
3 When the VLAN contains no ports, the system prohibits applying a VLAN-ACL (including adding and deleting rules).
4 Two ports differing in VLAN-ACL configuration cannot be aggregated dynamically.
5 A VLAN-ACL cannot be applied to a VLAN containing MPLS intermixing ports. Similarly, a VLAN with a VLAN-ACL applied cannot be used for MPLS intermixing.
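The following added example (not part of the original manual and not the switch's own logic) models limitations 1, 2, 3 and 5 as a pre-change check, so that ports a VLAN-ACL would silently leave unfiltered are visible before the rule is applied. The class and field names, the port names and the `acl_in_place` flag (read here as "a VLAN-ACL is already applied to some ports in the VLAN") are assumptions; limitation 4 is not modelled.

```python
from dataclasses import dataclass, field

DEFAULT = "default"  # assumed label for the default flow template


@dataclass
class Port:
    name: str
    flow_template: str = DEFAULT    # DEFAULT or a customized template name
    port_qacl: bool = False         # QACL rules applied directly to the port
    mpls_intermixing: bool = False


@dataclass
class Vlan:
    vlan_id: int
    ports: list = field(default_factory=list)
    acl_in_place: bool = False      # assumed: a VLAN-ACL already covers some ports


def check_vlan_acl(vlan):
    """Return (accepted, reason, effective_ports) for applying a VLAN-ACL."""
    if not vlan.ports:                                    # limitation 3
        return False, "VLAN contains no ports", []
    if any(p.mpls_intermixing for p in vlan.ports):       # limitation 5
        return False, "VLAN contains MPLS intermixing ports", []
    custom = [p.name for p in vlan.ports if p.flow_template != DEFAULT]
    if custom and not vlan.acl_in_place:                  # limitation 1
        return False, "customized flow template on " + ", ".join(custom), []
    # Limitations 1 and 2: the VLAN-ACL only takes effect on ports that use
    # the default flow template and carry no port-level QACL rules.
    effective = [p.name for p in vlan.ports
                 if p.flow_template == DEFAULT and not p.port_qacl]
    return True, "ok", effective


# Constructed inventory (not taken from a real device).
SAMPLE = Vlan(10, [
    Port("Ethernet1/0/1"),
    Port("Ethernet1/0/2", port_qacl=True),
    Port("Ethernet1/0/3", flow_template="custom-a"),
], acl_in_place=True)

if __name__ == "__main__":
    accepted, reason, effective = check_vlan_acl(SAMPLE)
    print(accepted, reason, effective)
    uncovered = [p.name for p in SAMPLE.ports if p.name not in effective]
    print("ports NOT filtered by the VLAN-ACL:", uncovered)
```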
mirrored-to

Syntax
mirrored-to inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] cpu
undo mirrored-to inbound ip-group { acl-number | acl-name } [ rule rule ]