3com 8807 User Guide
CHAPTER 24: VLAN-ACL CONFIGURATION
The VLAN-ACL configuration is subject to the following limitations:
1 Limitations on flow templates:
■ The system applies a VLAN-ACL only to ports that have the default flow template applied. The fields of the applied ACL rule must be specified by the default flow template.
■ If no port in a VLAN has ACL rules applied, the system checks all ports in the VLAN when you apply an ACL rule in VLAN view, and prohibits the ACL rule from being applied if any port in the VLAN has a customized flow template applied.
■ If a VLAN-ACL is applied to some of the ports in a VLAN, a port with a customized flow template applied can still be added to the VLAN, but the system will fail to apply the VLAN-ACL to the newly added port. That is, you can apply the VLAN-ACL in VLAN view to all the ports in the VLAN except the
Table 183 Configure a VLAN-ACL

Configuration step: Tag priority for packets
Command: traffic-priority inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { auto | remark-policed-service { trust-dscp | dscp dscp-value | untrusted dscp dscp-value cos cos-value local-precedence local-precedence drop-priority drop-level } }
Description: Optional

Configuration step: Configure packet redirection
Command: traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { cpu | next-hop ip-addr1 [ ip-addr2 ] [ invalid { forward | drop } ] }
Description: Optional. When executed in VLAN view, the traffic-redirect command only redirects packets to the next hop and CPU instead of ports or service processor cards. In this case, the nested-vlan or modified-vlan keyword is not supported.

Configuration step: Configure traffic mirroring
Command: mirrored-to inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] cpu
Description: Optional

Configuration step: Configure traffic statistics
Command: traffic-statistic inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] [ tc-index index ]
Description: Optional

Configuration step: Quit VLAN view
Command: quit
Description: -

Configuration step: Enter Ethernet port view
Command: interface interface-type interface-number
Description: The port type can only be Ethernet.

Configuration step: Manually synchronize QACL configuration to specified ports
Command: port can-access vlan-acl vlan vlan-id
Description: Optional

Configuration step: View the ports to which the VLAN-ACL configuration is synchronized in the VLAN
Command: display vlan-acl-member-ports vlan vlan-id
Description: You can use this command in any view.
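
The steps of Table 183 run as one session, as an added example that is not taken from the user guide. Assumptions: VLAN 10, ACL 3000, next hop 192.0.2.1 and port Ethernet 2/1/1 are constructed values, and system-view and vlan 10 (not shown on this page) are assumed as the way to reach VLAN view. Lines starting with # are annotations, not commands.

```text
# Assumed: ACL 3000 already exists and every port in VLAN 10 uses the
# default flow template (see the flow template limitations above).
system-view
vlan 10
# In VLAN view, traffic-redirect accepts only cpu or next-hop as the target.
# "invalid drop" is one of the two choices in the page's { forward | drop } option.
traffic-redirect inbound ip-group 3000 next-hop 192.0.2.1 invalid drop
quit
# Manually synchronize the VLAN-ACL configuration to one Ethernet port.
interface Ethernet 2/1/1
port can-access vlan-acl vlan 10
# The display command can be used in any view, so there is no need to quit first.
display vlan-acl-member-ports vlan 10
```

Check that the display output lists every port you expect: a port with a customized flow template is not covered by the VLAN-ACL, so traffic through it is not matched by the redirect rule.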