3com 8807 ユーザーガイド
24
VLAN-ACL C
ONFIGURATION
VLAN-ACL Overview
VLAN-ACL is VLAN-based ACL. You can configure QACL for a VLAN to control
accesses made to all ports in the VLAN.
accesses made to all ports in the VLAN.
VLAN-ACL enables you to manage a network in an easier way. After you configure
QACL for a VLAN, the system synchronizes the configuration to all member ports
in the VLAN automatically. Therefore you need not to configure QACL for every
port.
QACL for a VLAN, the system synchronizes the configuration to all member ports
in the VLAN automatically. Therefore you need not to configure QACL for every
port.
VLAN-ACL
Configuration
Configuration
Configuration
Prerequisites
The VLAN for which you configure QACL must meet the following requirements:
■
The VLAN has member ports.
■
The VLAN has no MPLS intermixing ports.
■
The default flow template is applied to ports in the VLAN.
Configuring a VLAN-ACL
Table 183 Configure a VLAN-ACL
Configuration step Command
Description
Enter system view
system-view
-
Create an ACL and
enter the
corresponding view
enter the
corresponding view
acl { number acl-number | name acl-name [
advanced | basic ] } [ match-order { config |
auto } ]
advanced | basic ] } [ match-order { config |
auto } ]
Only basic or advanced
ACL and the rules are
applicable to
VLAN-ACL.
ACL and the rules are
applicable to
VLAN-ACL.
Define a rule
rule
Required
Quit ACL view
quit
-
Enter VLAN view
vlan vlan-id
VLAN-ACL is prohibited
from being applied to
the VLAN containing
MPLS intermixing ports.
from being applied to
the VLAN containing
MPLS intermixing ports.
Configure packet
filtering (activating
ACLs)
filtering (activating
ACLs)
packet-filter inbound ip-group {
acl-number | acl-name } [ rule rule [
system-index index ] ]
acl-number | acl-name } [ rule rule [
system-index index ] ]
Optional
Configure traffic
policing
policing
traffic-limit inbound ip-group { acl-number
| acl-name } [ rule rule [ system-index index ]
] [ tc-index index ] { traffic-index
traffic-index | cir cbs ebs [ pir ] } { conform {
remark-cos | remark-policed-service } |
exceed { forward | drop } }*
| acl-name } [ rule rule [ system-index index ]
] [ tc-index index ] { traffic-index
traffic-index | cir cbs ebs [ pir ] } { conform {
remark-cos | remark-policed-service } |
exceed { forward | drop } }*
Optional