Chapter 55 Vlan-Acl Configuration; Introduction To Vlan-Acl; Vlan-Acl Configuration Task List - Planet XGS3-42000R User Manual

4-slot Layer 3 IPv6/IPv4 routing chassis switch


Chapter 55 VLAN-ACL Configuration

55.1 Introduction to VLAN-ACL

A user can apply an ACL policy to a VLAN to control access on all ports in that VLAN, and VLAN-ACL makes the network easier to manage. The ACL policy only needs to be configured on the VLAN; the corresponding ACL action then takes effect on all member ports of the VLAN, and there is no need to configure each member port separately.

When a VLAN ACL and a Port ACL are configured at the same time, the deny-first principle applies: when a packet matches both the VLAN ACL and the Port ACL, the final action is drop as long as one of the rules is drop.

Egress ACL can filter packets in the egress and ingress directions; packets that match the specified rules can be allowed or denied. The supported ACL types are IP ACL, MAC ACL, MAC-IP ACL and IPv6 ACL. The ingress direction of a VLAN can bind all four kinds of ACL at the same time. The egress direction of a VLAN has four resources: IP ACL and MAC ACL each occupy one resource, while MAC-IP ACL and IPv6 ACL each occupy two, so the egress direction of a VLAN cannot bind four kinds of ACL at the same time. When binding three kinds of ACL at the same time, the types must be IP, MAC, MAC-IP or IP, MAC, IPv6. When binding two kinds of ACL at the same time, any combination of ACL types is valid. Only one ACL of each type can be applied to a VLAN.
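The binding rules above, worked through as an added Python example that is not part of the manual: it enumerates which ACL type combinations fit the four egress resources, checks a planned set of bindings for one VLAN, and applies the deny-first rule. The function names, the tuple layout and the ACL names are assumptions made for illustration.

```python
from itertools import combinations

# Egress resource cost per ACL type, as stated in the section above.
EGRESS_COST = {"ip": 1, "mac": 1, "mac-ip": 2, "ipv6": 2}
EGRESS_BUDGET = 4  # resources on the egress direction of one VLAN


def valid_egress_combinations():
    """Every set of ACL types whose total cost fits the egress budget."""
    types = sorted(EGRESS_COST)
    return [
        frozenset(combo)
        for n in range(1, len(types) + 1)
        for combo in combinations(types, n)
        if sum(EGRESS_COST[t] for t in combo) <= EGRESS_BUDGET
    ]


def check_vlan_bindings(bindings):
    """Check planned bindings for one VLAN; return a list of problems.

    bindings: iterable of (acl_type, direction, acl_name), direction "in"/"out".
    Assumption: the one-ACL-per-type limit is counted per direction.
    """
    problems, seen = [], set()
    for acl_type, direction, name in bindings:
        if acl_type not in EGRESS_COST or direction not in ("in", "out"):
            problems.append(f"{name}: unknown type or direction")
            continue
        if (acl_type, direction) in seen:
            problems.append(f"{name}: second {acl_type} ACL on '{direction}'")
        seen.add((acl_type, direction))
    used = sum(EGRESS_COST[t] for t, d in seen if d == "out")
    if used > EGRESS_BUDGET:
        problems.append(f"egress needs {used} resources, only {EGRESS_BUDGET} exist")
    return problems


def final_action(vlan_acl_action, port_acl_action):
    """Deny-first rule for a packet matching both a VLAN ACL and a Port ACL."""
    return "drop" if "drop" in (vlan_acl_action, port_acl_action) else "permit"


if __name__ == "__main__":
    # Constructed plan: ACL names are placeholders, not from the manual.
    plan = [("ip", "out", "ACL_A"), ("mac-ip", "out", "ACL_B"), ("ipv6", "out", "ACL_C")]
    print(check_vlan_bindings(plan))
    print(final_action("permit", "drop"))
```

Running the enumeration before a change window shows which egress combinations the switch can accept, so a rejected binding does not leave a VLAN with only part of its intended filtering applied.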

55.2 VLAN-ACL Configuration Task List

1. Configure VLAN-ACL of IP type
2. Configure VLAN-ACL of MAC type
3. Configure VLAN-ACL of MAC-IP
4. Configure VLAN-ACL of IPv6 type
5. Show configuration and statistic information of VLAN-ACL
6. Clear statistic information of VLAN-ACL

1. Configure VLAN-ACL of IP type

Command (Global mode):
vacl ip access-group {<1-299> | WORD} {in | out} [traffic-statistic] vlan WORD
no vacl ip access-group {<1-299> | WORD} {in | out} vlan WORD

Explanation:
Configure or delete IP VLAN-ACL.