Assigning An Acl Globally; Assigning An Acl To A Vlan - 3Com WX3000 Series Operation Manual

ACLs assigned globally take precedence over those that are assigned to VLANs. That is, when a
packet matches a rule of a globally assigned ACL and a rule of an ACL assigned to a VLAN, the
device will perform the action defined in the rule of the globally assigned ACL if the actions defined
in the two rules conflict.
When a packet matches a rule of an ACL assigned globally (or assigned to a VLAN) and a rule of
an ACL assigned to a port (or port group), the device will deny the packets if the actions defined in
the two rules conflict.
ACLs assigned globally or to a VLAN take precedence over the default ACL. However, assigning
ACLs globally or to a VLAN may affect device management that is implemented through Telnet and
so on.

Assigning an ACL Globally

Configuration prerequisites
Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about
defining an ACL, refer to
Configure procedure
Follow these steps to assign an ACL globally:
To do...
Enter system view
Assign an ACL
globally
Configuration example
# Apply ACL 2000 globally to filter the inbound packets on all the ports.
<device> system-view
[device] packet-filter inbound ip-group 2000

Assigning an ACL to a VLAN

Configuration prerequisites
Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about
defining an ACL, refer to
Configuration procedure
Follow these steps to assign an ACL to a VLAN:
Configuring Basic ACL,
Use the command...
system-view
packet-filter inbound acl-rule
Configuring Basic ACL,
1-9
Configuring Advanced ACL,
—
Required
For description on the acl-rule
argument, refer to ACL Command.
Configuring Advanced ACL,
Configuring Layer 2 ACL.
Remarks
Configuring Layer 2 ACL.