No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
S2700 and S3700 V100R006C05 Configuration Guide - QoS
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring ACL-based Packet Filtering

Configuring ACL-based Packet Filtering

ACL-based packet filtering allows the device to permit or reject packets matching ACL rules to control network traffic.

Pre-configuration Tasks

Before configuring ACL-based packet filtering, complete the following tasks:

  • Configuring link layer attributes of interfaces to ensure that the interfaces work properly

  • Configuring an ACL

Among S2700 series, only the S2700-52P-EI, S2700-52P-PWR-EI, and S2710SI support the traffic-secure command.

You can run the traffic-filter or traffic-secure command to configure packet filtering based on the following rules:

  • If the ACL referenced by the traffic-filter or traffic-secure command is not referenced by other ACL-based simplified traffic policies, and packets do not match both ACLs associated with packet filtering and simplified traffic policies, use traffic-filter or traffic-secure.

  • If the ACL referenced by the traffic-filter or traffic-secure command is referenced by other ACL-based simplified traffic policies, or packets match both ACLs associated with packet filtering and simplified traffic policies, the differences between the traffic-filter and traffic-secure commands are as follows:

    • When the traffic-secure command and other ACL-based simplified traffic policies are configured simultaneously, and the ACL defines the deny action, only the traffic-secure, traffic-mirror, and traffic-statistics commands take effect and packets are filtered.

    • When the traffic-secure command and other ACL-based simplified traffic policies are configured simultaneously, and the ACL defines the permit action, the traffic-secure command and other ACL-based simplified traffic policies take effect.

    • When the traffic-filter command and other ACL-based simplified traffic policies are configured simultaneously, and the ACL defines the deny action, only the traffic-filter, traffic-mirror, and traffic-statistics commands take effect and packets are filtered.

    • When the traffic-filter command and other ACL-based simplified traffic policies are configured simultaneously, and the ACL defines the permit action, the traffic policy that was configured first takes effect.

Procedure

  • Configuring packet filtering globally or in a VLAN
    1. Run: 

      system-view

      The system view is displayed.

    2. Run the following commands as required.

      • On the Other S2700EI models except S2700-52P-EI and S2700-52P-PWR-EI, run:

        traffic-filter [ vlan vlan-id ] inbound acl { bas-acl | adv-acl } [ rule rule-id ]

        The device is configured to filter incoming packets matching an ACL.

      • On the S2752P-EI, S2752P-PWR-EI, S3700SI, and S3700EI, run:

        traffic-filter [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | user-acl } [ rule rule-id ]

        The device is configured to filter incoming packets matching an ACL.

      • Run:

        traffic-secure [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ]

        The device is configured to filter incoming packets matching an ACL.

      • Run:

        traffic-secure [ vlan vlan-id ] inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ]

        The device is configured to filter incoming packets matching Layer 2 and Layer 3 ACLs.

  • Configuring packet filtering on an interface
    1. Run: 

      system-view

      The system view is displayed.

    2. Run: 

      interface interface-type interface-number

      The interface view is displayed.

    3. Run the following commands as required.

      • On the Other S2700EI models except S2700-52P-EI and S2700-52P-PWR-EI, run:

        traffic-filter inbound acl { bas-acl | adv-acl } [ rule rule-id ]

        The device is configured to filter incoming packets matching an ACL.

      • On the S2752P-EI, S2752P-PWR-EI, S3700SI, and S3700EI, run:

        traffic-filter inbound acl { bas-acl | adv-acl | user-acl } [ rule rule-id ]

        The device is configured to filter incoming packets matching an ACL.

      • Run:

        traffic-secure inbound acl { bas-acl | adv-acl | l2–acl | name acl-name } [ rule rule-id ]

        The device is configured to filter incoming packets matching an ACL.

      • Run:

        traffic-secure inbound acl { l2–acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ]

        The device is configured to filter incoming packets matching Layer 2 and Layer 3 ACLs.

Translation
简体中文
Download
Updated: 2020-05-22

Document ID: EDOC1000017277

Views: 54683

Downloads: 499

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :