Table of Contents
Advertisement
Operation Manual – ACL
H3C S3100 Series Ethernet Switches
[Sysname-acl-ethernetframe-4000] display acl 4000
Ethernet frame ACL
Acl's step is 1
rule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff dest
0011-4301-991e ffff-ffff-ffff
1.3 ACL Assignment
On an S3100-EI Ethernet switch, you can assign ACLs to the hardware for packet
filtering.
As for ACL assignment, the following four ways are available.
Assigning ACLs globally, for filtering the inbound packets on all the ports.
Assigning ACLs to a VLAN, for filtering the inbound packets on all the ports and
belonging to a VLAN.
Assigning ACLs to a port group, for filtering the inbound packets on all the ports in
a port group. For information about port group, refer to Port Basic Configuration.
Assigning ACLs to a port, for filtering the inbound packets on a port.
You can assign ACLs in the above-mentioned ways as required.
Caution:
In terms of priority, the ACLs assigned globally, ACLs assigned to a VLAN and ACLs
assigned to a port group (or a port) rank in descending order. If a packet matches
multiple rules in these ACLs and is permitted by some rules but denied by the others,
the device permits or denies the packet based on the rule in the ACL with the highest
priority.
1.3.1 Assigning an ACL Globally
I. Configuration prerequisites
Before applying ACL rules to a VLAN, you need to define the related ACLs. For
information about defining an ACL, refer to section
section
1.2.3 Configuring Advanced
II. Configure procedure
Table 1-5 Assign an ACL globally
Operation
Enter system view
4000, 1 rule
ACL, section
Command
system-view
1-10
Chapter 1 ACL Configuration
1.2.2 Configuring Basic
1.2.4 Configuring Layer 2
Description
—
ACL,
ACL.
Advertisement
Chapters
Table of Contents
Troubleshooting
