Assigning An Acl To A Port - H3C S5100-SI Operation Manual

As S5100-SI series switches do not support port group configuration, they do not support ACL
application on port groups.
After an ACL is assigned to a port group, it will be automatically assigned to the ports that are
subsequently added to the port group.
Configuration example
# Apply ACL 2000 to port group 1 to filter the inbound packets on all the ports in the port group.
<Sysname> system-view
[Sysname] port-group 1
[Sysname-port-group-1] packet-filter inbound ip-group 2000

Assigning an ACL to a Port

Configuration prerequisites
Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about
defining an ACL, refer to section
Configuring Layer 2
Configuration procedure
Table 1-8 Apply an ACL to a port
Operation
Enter system view
Enter Ethernet port view
Apply an ACL to the port
You cannot assign an ACL to a member port of a port group on an S5100-EI series switch.
Configuration example
# Apply ACL 2000 to GigabitEthernet 1/0/1 to filter the inbound packets.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000
Configuring Basic
ACL.
system-view
interface interface-type
interface-number
packet-filter inbound acl-rule
ACL, section Configuring Advanced
Command
1-11
ACL, section
Description
—
—
Required
For description on the acl-rule
argument, refer to ACL
Command.