[Sysname-Ethernet1/0/1] packet-filter inbound ip-group 2000
Applying ACL Rules to Ports in a VLAN
By applying ACL rules to ports in a VLAN, you can add filtering of packets on all the ports
in the VLAN.
Note:
The ACL rules are only applied to ports that are in the VLAN at the time the packet-filter
vlan command is executed. In other words:
A port joining the VLAN later will not use the ACL rules for packet filtering.
A port leaving the VLAN later will keep using the ACL rules for packet filtering.
Configuration prerequisites
Before applying ACL rules to ports in a VLAN, you need to define the related ACLs. For
information about defining an ACL, refer to
ACL,
Configuring Layer 2
Configuration procedure
Follow these steps to apply ACL rules to ports in a VLAN:
To do...
Enter system view
Apply ACL rules to ports in
a VLAN
Configuration example
# Apply ACL 2000 to all ports of VLAN 1 in the inbound direction to filter packets.
<Sysname> system-view
[Sysname] packet-filter vlan 1 inbound ip-group 2000
Displaying and Maintaining ACL Configuration
To do...
Display a configured ACL or
all the ACLs
Display a time range or all
the time ranges
Configuring Basic
ACL, and
Configuring User-defined
Use the command...
system-view
packet-filter vlan vlan-id
{ inbound | outbound }
acl-rule
Use the command...
display acl { all | acl-number }
display time-range { all |
time-name }
1-12
ACL,
Configuring Advanced
ACL.
Remarks
—
Required
For information about
acl-rule, refer to ACL
Commands.
Remarks
Available in any
view