Configuring ACL-based Packet Filtering
Pre-configuration Tasks
By configuring ACL-based packet filtering, the device permits or rejects packets matching ACL rules to control network traffic.
Before configuring ACL-based packet filtering, complete the following tasks:
- Configure link layer attributes of interfaces to ensure that the interfaces work properly.
- Configure IP addresses and routing protocols for interfaces to ensure connectivity.
- Configure an ACL, and specify logging in the rule command if IP information about packets matching ACL rules needs to be recorded in logs.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run traffic-filter { inbound | outbound } { acl | ipv6 acl } { acl-number | name acl-name }
ACL-based packet filtering is configured.
Loopback interfaces of the device support traffic-filter inbound acl { acl-number | name acl-name } and undo traffic-filter inbound. That is, traffic-filter can be configured on a loopback interface in the inbound direction, but IPv6 ACLs are not supported.
- Run quit
Exit from the interface view.
- (Optional) Run the acl logging { timeout | update } { interval | default } command to set the log update and aging interval after IP information about packets matching ACL rules is recorded in logs.
Verifying the Configuration
Run the display traffic-filter applied-record command to check ACL-based packet filtering information.
Run the display traffic-filter statistics interface interface-type interface-number { inbound | outbound } or display traffic-filter statistics interface virtual-template vt-number virtual-access va-number { inbound | outbound } command to view traffic statistics about ACL-based packet filtering on an interface.
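As a complement to the display commands, the following added example (not part of the original document or the vendor's tooling) audits a saved configuration offline. It lists interfaces with no traffic-filter binding and loopback bindings that fall outside the supported inbound, non-IPv6 form. The sample configuration, the ACL identifiers and the assumption that interface sections end with a "#" line are constructed for illustration.

```python
import re

# Constructed sample in the style of a saved device configuration (not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
 ip address 192.0.2.1 255.255.255.0
 traffic-filter inbound acl 3001
#
interface GigabitEthernet0/0/2
 ip address 198.51.100.1 255.255.255.0
#
interface LoopBack0
 traffic-filter inbound ipv6 acl 3001
#
interface LoopBack1
 traffic-filter outbound acl name mgmt-filter
#
"""

# traffic-filter { inbound | outbound } { acl | ipv6 acl } { acl-number | name acl-name }
TF_RE = re.compile(r"^traffic-filter (inbound|outbound) (ipv6 acl|acl) (?:(\d+)|name (\S+))$")

def parse_bindings(config):
    """Return {interface: [(direction, family, acl_id), ...]} for every interface."""
    bindings, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            bindings[current] = []
        elif raw and not raw[0].isspace():
            current = None  # '#' or any other top-level line ends the interface view
        elif current and (m := TF_RE.match(line)):
            bindings[current].append((m.group(1), m.group(2), m.group(3) or m.group(4)))
    return bindings

def audit(config):
    """Flag unfiltered interfaces and loopback bindings the page says are unsupported."""
    findings = []
    for ifname, rules in parse_bindings(config).items():
        if not rules:
            findings.append((ifname, "no traffic-filter applied"))
        if ifname.lower().startswith("loopback"):
            for direction, family, acl in rules:
                if direction != "inbound" or family != "acl":
                    findings.append((ifname, f"unsupported on loopback: {direction} {family} {acl}"))
    return findings

if __name__ == "__main__":
    for ifname, problem in audit(SAMPLE_CONFIG):
        print(f"{ifname}: {problem}")
```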