No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
traffic-filter (AP wired port profile view)

traffic-filter (AP wired port profile view)

Function

The traffic-filter command configures ACL-based packet filtering on an AP's wired interface.

The undo traffic-filter command cancels ACL-based packet filtering configuration on an AP's wired interface.

By default, ACL-based packet filtering is not configured on an AP's wired interface.

Format

traffic-filter { inbound | outbound } { ipv4 | l2 } acl { acl-number | name acl-name }

traffic-filter { inbound | outbound } ipv4 acl { acl-number | name acl-name } l2 acl { acl-number | name acl-name }

undo traffic-filter { inbound | outbound } { ipv4 | l2 } acl { acl-number | name acl-name }

undo traffic-filter { inbound | outbound } ipv4 acl { acl-number | name acl-name } l2 acl { acl-number | name acl-name }

Parameters

Parameter

Description

Value

inbound

Configures ACL-based packet filtering in the inbound direction.

-

outbound

Configures ACL-based packet filtering in the outbound direction.

-

ipv4

Configures ACL-based IPv4 packet filtering.

-

l2

Configures ACL-based Layer 2 packet filtering.

-

acl

Filters packets based on the IPv4 ACL.

-

acl-number

Specifies the number of an ACL.

The IPv4 ACL number ranges from 3000 to 3031 and from 4000 to 4031 for Layer 2 ACLs.

  • The value of an advanced ACL ranges from 3000 to 3031.
  • The value of a Layer 2 ACL ranges from 4000 to 4031.

name acl-name

Filters packets based on a specified named ACL. acl-name specifies the name of the ACL.

The ACL name must exist.

The value range is the same as that of the acl-number parameter.

Views

AP wired port profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The rules for an AP's wired interface to filter packets based on ACLs are as follows:

  • If the action in an ACL rule is deny, the device discards packets matching the rule.
  • If the action in an ACL rule is permit, the device forwards packets matching the rule.
  • If no rule is matched, packets are allowed to pass through.
When multiple commands are configured for ACL-based packet filtering in the same direction in the same AP wired port profile view, packets are matched against ACL rules in the sequence in which the commands are configured. If packets match a rule, the system stops the matching process and executes the specified policy. Otherwise, the system continues to match packets against the next rule. If no rule is matched, the packets are allowed to pass through. The following occurs depending on whether packets match ACL rules:
  • If a policy contains only one ACL rule and the ACL rule is matched, the permit or deny action is performed.

  • If a policy contains two ACL rules and the specified action is performed only when the two ACL rules are both matched.

    If the actions in the two ACL rules are both permit, the permit action is performed. Otherwise, the deny action is performed.

If an ACL contains multiple rules, packets are matched against the rules in the ascending order of rule IDs.

Prerequisites

A named ACL has been created using the acl name command.

Precautions

You can specify an empty ACL in this command, and configure this ACL later.

A maximum of eight ACL-based packet filtering policies can be configured in one direction. The policies take effect in the sequence in which they are configured. To improve match efficiency, you are advised to configure an ACL rule with a high match probability for packet filtering. When configuring each ACL rule, set a small ID for the rule with a high match probability, reducing the number of times ACL rules are matched and saving resources. To change the sequence in which packets are filtered based on ACLs, delete all related configurations and reconfigure ACL-based packet filtering.

Example

# Configure the wired interface GE0 of ap-group1 to filter incoming packets based on ACL 3000.

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] wired-port-profile name wired
[Huawei-wlan-wired-port-wired] traffic-filter inbound ipv4 acl 3000
[Huawei-wlan-wired-port-wired] quit
[Huawei-wlan-view] ap-group name ap-group1
[Huawei-wlan-ap-group-ap-group1] wired-port-profile wired gigabitethernet 0
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 204097

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next