3Com Switch 4200G Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

221

222

223

224

225

226

227

228

229

230

Applying ACLs on Ports 209

Configuration Example Configure ACL 4000 to deny packets whose 802.1p priority is 3.

<S4200G> system-view

[4200G] acl number 4000

[4200G-acl-ethernetframe-4000] rule deny cos 3

[4200G-acl-ethernetframe-4000] display acl 4000

Ethernet frame ACL 4000, 1 rule

Acl's step is 1

rule 0 deny cos excellent-effort(0 times matched)

Applying ACLs on

Ports

By applying ACLs on ports, you can enable the packet filtering.

■ You can filter inbound packets on each port. Inbound packets refer to packets

received on a port.

Configuration

Preparation

Before applying an ACL on a port, you must define the ACL first. For the ACL

configuration of time ranges, refer to Defining Basic ACLs, Defining Advanced ACLs,

and Defining Layer 2 ACLs.

Configuration Procedure

The ACLs applied on a port can combinations of different types of ACLs. Table 182

describes the ACL combinations.

cos vlan-pri Priority Defines the

802.1p priority of

the rule

vlan-pri: VLAN priority, in the range

of 0 to 7

time-range

time-name

Time range

information

Specifies the time

range in which

the rule is active

time-name: specifies the name of the

time range in which the rule is active;

a string of 1 to 32 characters

type protocol-type

protocol-mask

Protocol type of

Ethernet frames

Defines the

protocol type of

Ethernet frames

protocol-type: protocol type

protocol-mask: protocol type mask

Table 180 Rule information (Continued)

Parameter Type Function Description

Table 181 Apply an ACL on a port

Operation Command Description

Enter system view system-view -

Enter Ethernet port view interface interface-type interface-number -

Apply an ACL on a port packet-filter inbound acl-rule Required

Table 182 Combined application of ACLs

Combination mode Form of acl-rule

Apply all rules in an IP type ACL separately ip-group acl-number

Apply one rule in an IP type ACL separately ip-group acl-number rule rule

Apply all rules in a Link type ACL separately link-group acl-number

Apply one rule in a Link type ACL separately link-group acl-number rule rule

Apply one rule in an IP type ACL and one rule

in a Link type ACL simultaneously

ip-group acl-number rule rule link-group

acl-number rule rule