[x]

ACL commands > packet-filter vlan

 

 Next

packet-filter vlan

Use packet-filter vlan to apply an ACL to VLANs to filter packets.

Use undo packet-filter vlan to remove an ACL for filtering packets from VLANs.

Syntax

packet-filter [ ipv6 ] { acl-number | name acl-name } vlan vlan-list { inbound | outbound } [ hardware-count ]

undo packet-filter [ ipv6 ] { acl-number | name acl-name } vlan vlan-list { inbound | outbound }

Default

The system does not filter packets in a VLAN.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies an ACL by its number:

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or advanced ACL, if you do not specify the ipv6 keyword, this option specifies the name of an IPv4 basic ACL or advanced ACL; if you specify the ipv6 keyword, this option specifies the name of an IPv6 basic ACL or advanced ACL.

vlan vlan-list: Specifies a VLAN list, in the format of vlan-id [ to vlan-id ] &<1-10>, where &<1-10> indicates that you can specify up to 10 VLANs or VLAN ranges.

inbound: Filters incoming packets.

outbound: Filters outgoing packets.

hardware-count: Enables counting ACL rule matches performed in hardware. This keyword enables match counting for all rules in an ACL, and the counting keyword in the rule command enables match counting specific to rules. If the hardware-count keyword is not specified, rule matches for the ACL are not counted.

Examples

# Apply IPv4 basic ACL 2001 to filter incoming traffic in VLAN 2, and enable counting ACL rule matches performed in hardware.

<Sysname> system-view
[Sysname] packet-filter 2001 vlan 2 inbound hardware-count

Related commands

prev

 

up

 next

packet-filter global 

home

 reset acl counter

© Copyright 2014 Hewlett-Packard Development Company, L.P.