mac
Commands for VLAN-ACL
511
49.3 vacl ip access-group
Command: vacl ip access-group {<1-299> | WORD} {in | out} [traffic-statistic] vlan
WORD
no vacl ip access-group {<1-299> | WORD} {in | out} vlan WORD
Function: This command configure VACL of IP type on the specific VLAN.
Parameter: <1-299> | WORD: Configure the numeric IP ACL (include: standard ACL
rule <1-99>, extended ACL rule <100-299>) or the named ACL.
in | out: Filter the ingress/egress traffic.
traffic-statistic: Enable the statistic of matched packets number.
vlan WORD: The VLAN will be bound to VACL.
Command mode: Global Mode.
Default: None.
Usage Guide: Use “;” or “-” to input the VLAN or multi-VLANs, but do not exceed 128,
and CLI length cannot exceed 80 characters. Egress direction filtering is not supported
by switch.
Example: Configure the numeric IP ACL and enable the statistic function for Vlan 1-5, 6,
7-9.
Switch(config)#vacl ip access-group 1 in traffic-statistic vlan 1-5; 6; 7-9
49.4 vacl ipv6 access-group
Command: vacl ipv6 access-group (<500-699> | WORD) {in | out} (traffic-statistic|)
vlan WORD
no ipv6 access-group {<500-699> | WORD} {in | out} vlan WORD
Function: This command configure VACL of IPv6 on the specific VLAN.
Parameter: <500-699> | WORD: Configure the numeric IP ACL (include: IPv6 standard
ACL rule <500-599>, IPv6 extended ACL rule <600-699>) or the named ACL.
in | out: Filter the ingress/egress traffic.
traffic-statistic: Enable the statistic of matched packets number.
vlan WORD: The VLAN will be bound to VACL.
Command mode: Global Mode.
Default: None.
Usage Guide: Use “;” or “-” to input the VLAN or multi-VLANs, but do not exceed 128,
and CLI length cannot exceed 80 characters. Egress direction filtering and extended
IPv6 is not supported by switch.
Example: Configure the numeric IPv6 ACL for Vlan 5.