No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
traffic-filter (AP wired port profile view)

traffic-filter (AP wired port profile view)

Function

The traffic-filter command configures ACL-based IPv4, IPv6, or Layer 2 packet filtering on an AP's wired interface.

The undo traffic-filter command cancels the ACL-based IPv4, IPv6, or Layer 2 packet filtering configuration on an AP's wired interface.

By default, ACL-based IPv4, IPv6, or Layer 2 packet filtering is not configured on an AP's wired interface.

Format

traffic-filter { inbound | outbound } { ipv4 | ipv6 | l2 } acl { acl-number | name acl-name }

traffic-filter { inbound | outbound } ipv4 acl { acl-number | name acl-name } l2 acl { acl-number | name acl-name }

undo traffic-filter { inbound | outbound } { ipv4 | ipv6 | l2 } acl { acl-number | name acl-name }

undo traffic-filter { inbound | outbound } ipv4 acl { acl-number | name acl-name } l2 acl { acl-number | name acl-name }

Parameters

Parameter

Description

Value

inbound

Configures ACL-based packet filtering in the inbound direction.

-

outbound

Configures ACL-based packet filtering in the outbound direction.

-

ipv4

Configures ACL-based IPv4 packet filtering.

-

l2

Configures ACL-based Layer 2 packet filtering.

-

ipv6

Filters IPv6 packets.

-

acl

Filters packets based on the ACL.

-

acl-number

Specifies the number of an ACL.

The value is an integer that ranges from 3000 to 3031 for IPv4 ACLs and IPv6 ACLs and from 4000 to 4031 for Layer 2 ACLs.
  • 3000 to 3031: advanced ACLs
  • 4000 to 4031: Layer 2 ACLs

name acl-name

Filters packets based on a specified named ACL. acl-name specifies the name of the ACL.

The ACL name must exist.

The value range is the same as that of the acl-number parameter.

Views

AP wired port profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On a wireless network, administrators want to provide differentiated services for wireless users. The services may include, but are not limited to the following:
  • Deny or permit access of specified wireless users to specified LAN devices.
  • Deny access of specified wireless users to specified invalid IP addresses.
You can configure ACL-based packet filtering on an AP's wired interface for providing differentiated services.

The rules for an AP's wired interface to filter packets based on ACLs are as follows:

  • If the action in an ACL rule is deny, the device discards packets matching the rule.
  • If the action in an ACL rule is permit, the device forwards packets matching the rule.
  • If no rule is matched, packets are allowed to pass through.
When multiple commands are configured for ACL-based packet filtering in the same direction in the same AP wired port profile view, packets are matched against ACL rules in the sequence in which the commands are configured. If packets match a rule, the system stops the matching process and executes the specified policy. Otherwise, the system continues to match packets against the next rule. If no rule is matched, the packets are allowed to pass through. The following occurs depending on whether packets match ACL rules:
  • If a policy contains only one ACL rule and the ACL rule is matched, the permit or deny action is performed.

  • If a policy contains two ACL rules and the specified action is performed only when the two ACL rules are both matched.

    If the actions in the two ACL rules are both permit, the permit action is performed. Otherwise, the deny action is performed.

If an ACL contains multiple rules, packets are matched against the rules in the ascending order of rule IDs.

Prerequisites

A named ACL has been created using the acl name or acl name command.

Precautions

You can specify an empty ACL in this command, and configure this ACL later.

A maximum of eight ACL-based packet filtering policies can be configured in one direction. The policies take effect in the sequence in which they are configured. To improve match efficiency, you are advised to configure an ACL rule with a high match probability for packet filtering. When configuring each ACL rule, set a small ID for the rule with a high match probability, reducing the number of times ACL rules are matched and saving resources. To change the sequence in which packets are filtered based on ACLs, delete all related configurations and reconfigure ACL-based packet filtering.

Example

# Configure the wired interface GE0 of ap-group1 to filter incoming packets based on ACL 3000.

<HUAWEI> system-view
[HUAWEI] wlan
[HUAWEI-wlan-view] wired-port-profile name wired
[HUAWEI-wlan-wired-port-wired] traffic-filter inbound ipv4 acl 3000
[HUAWEI-wlan-wired-port-wired] quit
[HUAWEI-wlan-view] ap-group name ap-group1
[HUAWEI-wlan-ap-group-ap-group1] wired-port-profile wired gigabitethernet 0
Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 115899

Downloads: 83

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next