Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, and security risks.
How Can I Apply an ACL to a VLAN?


You can use either of the following methods to associate an ACL with a service module (traffic policy or simplified traffic policy), and apply the ACL to a VLAN:

The following commands are only for your reference. You should comply with the command line syntax of the version running on your device.

  • Method 1: Apply a traffic policy to a VLAN.
    1. Configure a traffic classifier.
      1. Run the traffic classifier classifier-name [ operator { and | or } ] [ precedence precedence-value ] command in the system view to enter the traffic classifier view.
      2. Run the if-match acl { acl-number | acl-name } command to apply an ACL to the traffic classifier.
    2. Configure a traffic behavior.

      Run the traffic behavior behavior-name command in the system view to create a traffic behavior and enter the traffic behavior view.

    3. Configure a traffic action.

      There are two actions for packet filtering: deny and permit. For other traffic actions, see Configuration Guide - QoS of the corresponding product version.

    4. Configure a traffic policy.

      1. Run the traffic policy policy-name [ match-order { auto | config } ] command in the system view to create a traffic policy and enter the traffic policy view.

      2. Run the classifier classifier-name behavior behavior-name command to configure a traffic behavior for the specified traffic classifier in the traffic policy. That is, bind the traffic behavior to the classifier.

    5. Apply the traffic policy.

      Run the traffic-policy policy-name { inbound | outbound } command in the VLAN view to apply the traffic policy.

  • Method 2: Apply the simplified traffic policy with the specified VLAN ID globally.

    Run the following commands in the system view:

    • Packet filtering based on ACL
      • traffic-filter vlan vlan-id inbound acl xxx
      • traffic-filter vlan vlan-id outbound acl xxx
      • traffic-secure vlan vlan-id inbound acl xxx
    • Traffic policing based on ACL

      • traffic-limit vlan vlan-id inbound acl xxx
      • traffic-limit vlan vlan-id outbound acl xxx
    • Redirection based on ACL

      • traffic-redirect vlan vlan-id inbound acl xxx

    • Re-mark based on ACL

      • traffic-remark vlan vlan-id inbound acl xxx
      • traffic-remark vlan vlan-id outbound acl xxx
    • Traffic statistics collection based on ACL

      • traffic-statistic vlan vlan-id inbound acl xxx
      • traffic-statistic vlan vlan-id outbound acl xxx
    • Traffic mirroring based on ACL

      • traffic-mirror vlan vlan-id inbound acl xxx
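
The following is an added example, not part of the original Huawei document, that walks through Method 1 end to end for packet filtering. VLAN 10, ACL 3000, the two subnets, and the names c1, b1 and p1 are constructed for illustration; lines starting with # are annotations and are not typed on the device.

```text
# Constructed values: VLAN 10, ACL 3000, subnets, and names c1/b1/p1.
system-view
# ACL selecting the traffic. In a traffic policy a permit rule means
# "match this traffic"; the traffic behavior then decides what happens to it.
acl 3000
 rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
 quit
# Step 1: traffic classifier bound to the ACL
traffic classifier c1 operator or
 if-match acl 3000
 quit
# Steps 2 and 3: traffic behavior with the deny action
traffic behavior b1
 deny
 quit
# Step 4: traffic policy binding the behavior to the classifier
traffic policy p1
 classifier c1 behavior b1
 quit
# Step 5: apply the policy in the VLAN view, inbound direction
vlan 10
 traffic-policy p1 inbound
 quit
# Confirm where the policy has been applied
display traffic-policy applied-record p1
```

With Method 2, traffic-filter has no separate behavior and takes its action from the ACL rule itself, so dropping the same traffic with traffic-filter vlan 10 inbound acl 3000 requires a deny rule in the ACL instead of permit.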

Updated: 2019-09-23

Document ID: EDOC1000178319
