4-1
4
ACL Application for Packet Filtering
When applying an ACL for packet filtering, go to these sections for information you are interested in:
z
z
z
z
You can apply an ACL to the inbound direction of an Ethernet interface or VLAN interface to filter
packets:
z
Applied to an Ethernet interface, an ACL can filter all Ethernet frames, IPv4 packets, and IPv6
packets that are received or to be sent on the interface.
z
Applied to a VLAN interface, an ACL filters only Layer 3 packets that are needed to be forwarded
through the VLAN interface.
You can edit the rules in an applied ACL, such as add, remove, and modify rules, and the edited rules
take effect immediately.
Filtering Ethernet Frames
Follow these steps to apply an Ethernet frame header ACL to an interface to filter Ethernet frames:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet
interface view
interface interface-type
interface-number
Enter
interface
view
Enter VLAN
interface view
interface vlan-interface
vlan-id
Use either command
Apply an Ethernet frame
header ACL to the interface to
filter Ethernet frames
packet-filter
{
acl-number |
name
acl-name
}
inbound
Required
By default, an interface does
not filter Ethernet frames.
Filtering IPv4 Packets
Follow these steps to apply an IPv4 ACL to an interface to filter IPv4 packets:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter
interface
Enter Ethernet
interface view
interface interface-type
interface-number
Use either command
Summary of Contents for S5500-SI Series
Page 161: ...3 10 GigabitEthernet1 0 1 2 MANUAL...
Page 220: ...1 7 Clearing ARP entries from the ARP table may cause communication failures...
Page 331: ...1 7 1 1 ms 1 ms 1 ms 1 1 6 1 2 1 ms 1 ms 1 ms 1 1 4 1 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...
Page 493: ...2 8...
Page 1111: ...1 10 Installing patches Installation completed and patches will continue to run after reboot...