3com WX3000 Manuel D’Utilisation
1-9
z
ACLs assigned globally take precedence over those that are assigned to VLANs. That is, when a
packet matches a rule of a globally assigned ACL and a rule of an ACL assigned to a VLAN, the
device will perform the action defined in the rule of the globally assigned ACL if the actions defined
in the two rules conflict.
z
When a packet matches a rule of an ACL assigned globally (or assigned to a VLAN) and a rule of
an ACL assigned to a port (or port group), the device will deny the packets if the actions defined in
the two rules conflict.
z
ACLs assigned globally or to a VLAN take precedence over the default ACL. However, assigning
ACLs globally or to a VLAN may affect device management that is implemented through Telnet and
so on.
Assigning an ACL Globally
Configuration prerequisites
Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about
defining an ACL, refer to
Configure procedure
Follow these steps to assign an ACL globally:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Assign an ACL
globally
globally
packet-filter inbound acl-rule
Required
For description on the acl-rule
argument, refer to ACL Command.
argument, refer to ACL Command.
Configuration example
# Apply ACL 2000 globally to filter the inbound packets on all the ports.
<device> system-view
[device] packet-filter inbound ip-group 2000
Assigning an ACL to a VLAN
Configuration prerequisites
Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about
defining an ACL, refer to
Configuration procedure
Follow these steps to assign an ACL to a VLAN: