No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - QoS

AR100-S, AR110-S, AR120-S, AR150-S, AR160-S, AR200-S, AR1200-S, AR2200-S, and AR3200-S V200R009

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring ACL-based Packet Filtering

Configuring ACL-based Packet Filtering

Pre-configuration Tasks

By configuring ACL-based packet filtering, the device permits or rejects packets matching ACL rules to control network traffic.

Before configuring ACL-based packet filtering, complete the following tasks:
  • Configure link layer attributes of interfaces to ensure that the interfaces work properly.

  • Configure IP addresses and routing protocols for interfaces to ensure connectivity.

  • Configure an ACL and specifying logging in the rule command when IP information about packets matching ACL rules in logs needs to be recorded.


  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.


    ACL-based packet filtering can be only configured on WAN-side interfaces.

  3. Run traffic-filter { inbound | outbound } { acl | ipv6 acl } { acl-number | name acl-name }

    ACL-based packet filtering is configured.


    Loopback interfaces of the device support traffic-filter inbound acl { acl-number | name acl-name } and undo traffic-filter inbound. That is, traffic-filter can be configured on a loopback interface in the inbound direction, but IPv6 ACLs are not supported.

  4. Run quit

    Exit from the interface view.

  5. (Optional) Run the acl logging { timeout | update } { interval | default } command to set the log update and aging interval after IP information about packets matching ACL rules is recorded in logs.

Verifying the Configuration

  • Run the display traffic-filter applied-record command to check ACL-based packet filtering information.

  • Run the display traffic-filter statistics interface interface-type interface-number { inbound | outbound } or display traffic-filter statistics interface virtual-template vt-number virtual-access va-number { inbound | outbound } command to view traffic statistics about ACL-based packet filtering on an interface.

Updated: 2019-05-17

Document ID: EDOC1000174115

Views: 41686

Downloads: 28

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next