packet-filter vlan
Use packet-filter vlan to apply an ACL to VLANs to filter packets.
Use undo packet-filter vlan to remove an ACL for filtering packets from VLANs.
Syntax
packet-filter [ ipv6 ] { acl-number | name acl-name } vlan vlan-list { inbound | outbound } [ hardware-count ]
undo packet-filter [ ipv6 ] { acl-number | name acl-name } vlan vlan-list { inbound | outbound }
Default
The system does not filter packets in a VLAN.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
acl-number: Specifies an ACL by its number:
2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified.
3000 to 3999 for IPv4 advanced ACLs if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified.
4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified.
5000 to 5999 for user-defined ACLs. This entry is not displayed if the ipv6 keyword is specified. User-defined ACLs do not support outbound packet filtering.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or advanced ACL, if you do not specify the ipv6 keyword, this option specifies the name of an IPv4 basic ACL or advanced ACL; if you specify the ipv6 keyword, this option specifies the name of an IPv6 basic ACL or advanced ACL.
vlan vlan-list: Specifies a VLAN list, in the format of vlan-id [ to vlan-id ] &<1-10>, where &<1-10> indicates that you can specify up to 10 VLANs or VLAN ranges.
inbound: Filters incoming packets.
outbound: Filters outgoing packets.
hardware-count: Enables counting ACL rule matches performed in hardware. This keyword enables match counting for all rules in an ACL, and the counting keyword in the rule command enables match counting specific to rules. If the hardware-count keyword is not specified, rule matches for the ACL are not counted.
Examples
# Apply IPv4 basic ACL 2001 to filter incoming traffic in VLAN 2, and enable counting ACL rule matches performed in hardware.
<Sysname> system-view
[Sysname] packet-filter 2001 vlan 2 inbound hardware-count
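The parameter constraints above can be checked before a configuration line is pushed to a device. The following Python check is an added example, not part of the original command reference or vendor code; the function name lint_packet_filter and the VLAN ID range 1 to 4094 are assumptions that this page does not state.

```python
import re

# Added example: lint one "packet-filter ... vlan ..." line against the Parameters
# section. VLAN IDs 1-4094 is an assumption (802.1Q range), not stated on the page.
CMD = re.compile(
    r"^packet-filter(?P<v6>\s+ipv6)?\s+(?:name\s+(?P<name>\S+)|(?P<num>\d+))"
    r"\s+vlan\s+(?P<vlans>\d+(?:\s+to\s+\d+)?(?:\s+\d+(?:\s+to\s+\d+)?)*)"
    r"\s+(?P<dir>inbound|outbound)(?P<hc>\s+hardware-count)?$"
)

def lint_packet_filter(line):
    """Return a list of problems; an empty list means the line is valid."""
    m = CMD.match(line.strip())
    if not m:
        return ["does not match the documented syntax"]
    problems = []
    ipv6 = m["v6"] is not None
    if m["num"]:
        num = int(m["num"])
        if not 2000 <= num <= 5999:
            problems.append(f"ACL number {num} is outside 2000-5999")
        elif ipv6 and num >= 4000:
            problems.append(f"ACL {num} cannot be used with the ipv6 keyword")
        elif num >= 5000 and m["dir"] == "outbound":
            problems.append("user-defined ACLs do not support outbound filtering")
    else:
        name = m["name"]
        if not (1 <= len(name) <= 63 and re.match(r"[A-Za-z]", name)):
            problems.append("ACL name must be 1-63 characters and start with a letter")
    # Each list item is either "id" or "id to id"; at most 10 items are allowed.
    items = re.findall(r"(\d+)(?:\s+to\s+(\d+))?", m["vlans"])
    if len(items) > 10:
        problems.append(f"{len(items)} VLAN items given; the limit is 10")
    for lo, hi in items:
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 4094):
            problems.append(f"invalid VLAN range {lo} to {hi}")
    return problems

# Constructed sample lines, not taken from a real device.
SAMPLES = [
    "packet-filter 2001 vlan 2 inbound hardware-count",
    "packet-filter 5001 vlan 10 to 20 outbound",
    "packet-filter ipv6 4001 vlan 3 inbound",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", lint_packet_filter(s) or "ok")
```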
Related commands
display packet-filter
display packet-filter statistics
display packet-filter verbose