Configuration procedure
Table 1-6 Assign an ACL to a VLAN
Operation
Enter system view
Apply an ACL to a VLAN
An ACL assigned to a VLAN takes effect only for the packets tagged with 802.1Q header. For more
information about 802.1Q header, refer to the VLAN part.
Configuration example
# Apply ACL 2000 to VLAN 10 to filter the inbound packets of VLAN 10 on all the ports.
<Sysname> system-view
[Sysname] packet-filter vlan 10 inbound ip-group 2000
Assigning an ACL to a Port Group
Configuration prerequisites
Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about
defining an ACL, refer to section
Configuring Layer 2
Configuration procedure
Table 1-7 Assign an ACL to a port group
Operation
Enter system view
Enter port group view
Apply an ACL to the port
group
Command
system-view
packet-filter vlan vlan-id
inbound acl-rule
Configuring Basic
ACL.
Command
system-view
port-group group-id
packet-filter inbound acl-rule
—
Required
For description on the acl-rule argument,
refer to ACL Command.
ACL, section
Configuring Advanced
—
—
Required
For description on the acl-rule
argument, refer to ACL Command.
1-10
Description
ACL, section
Description