No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Filtering Configuration Commands

Filtering Configuration Commands

Command Support

Commands provided in this section and all the parameters in the commands are supported by all switch models by default, unless otherwise specified. For details, see specific commands.

deny | permit

Function

The deny | permit command configures access control for service packets based on traffic classifiers.

  • The deny command prevents service flows that match a specified rule from passing through.
  • The permit command forwards packets matching traffic classification rules according to the original policy.

The undo { deny | permit } command cancels access control for service packets based on traffic classifiers.

By default, a switch does not control service packets based on traffic classifiers.

Format

deny | permit

undo { deny | permit }

Parameters

None

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device implements access control using a traffic policy. That is, you can use a traffic policy containing deny | permit on the device so that the device provides the firewall function to filter out specified types of packets. The deny | permit command only filters data packets, but does not process control packets such as STP BPDUs sent to the CPU.

Precautions

When you specify a packet filtering action for packets matching an ACL, if the ACL rule defines permit, the device processes packets according to the action (deny or permit) in the traffic behavior. If the ACL rule defines deny, the device discards packets regardless of whether deny or permit is configured in the traffic behavior.

When you specify the packet filtering action for packets matching an ACL to deny or permit, if the ACL rule contains the logging field, logs are recorded when packets are discarded or forwarded.

If a traffic policy in which the deny behavior is defined is applied to the outbound direction, control packets of ICMP, OSPF, BGP, RIP, SNMP, and Telnet sent by the CPU are discarded. This affects relevant protocol functions.

In the same traffic behavior, the deny action cannot be used with other traffic actions. Before adding other traffic actions such as re-marking to a traffic behavior, ensure that the traffic behavior does not contain the deny action. If the traffic behavior contains the deny action, configure the permit action before configuring other traffic actions.

Example

# Configure a traffic policy p1 to prevent the packets from VLAN 2 to pass through GE1/0/1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match vlan-id 2
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] deny
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound
Related Topics
Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 126272

Downloads: 88

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next