Switch 7700 Configuration Guide, v2

192 CHAPTER 7: QOS/ACL OPERATION
The numbered interface ACLs can be identified with numbers ranging from 1000
to 1999.
Notes: The Switch 7700 has no Layer-3 physical interfaces, only Layer-3 VLAN
virtual interfaces. Therefore, when the command line prompts for the input
interface type, you can select only Vlan-interface. Otherwise, the system
displays a failure message.
An interface ACL is used only to filter or classify the data processed by the
software of the switch.
Define Layer-2 ACL
The rules of a Layer-2 ACL are defined on the basis of Layer-2 information, such
as source MAC address, source VLAN ID, Layer-2 protocol type, Layer-2 packet
format, and destination MAC address.
Perform the following configuration in the designated view.
Layer-2 ACLs can be identified with numbers ranging from 200 to 299.
Table 7 Define Layer-2 ACL

Operation                                               Command
Enter Layer-2 ACL view (from system view)               acl { number acl-number | name acl-name link } [ match-order { config | auto } ]
Add a sub-item to the ACL (from Layer-2 ACL view)       rule [ rule-id ] { permit | deny } [ protocol-type ] [ format-type ]
                                                        ingress { [ source-vlan-id ] [ source-mac-addr ] | any }
                                                        egress { [ dest-mac-addr ] [ destination-vlan-id ] | any } [ time-range name ]
Delete a sub-item from the ACL (from Layer-2 ACL view)  undo rule rule-id
Delete one ACL or all ACLs (from system view)           undo acl { number acl-number | name acl-name | all }

Activating ACL
Perform the following configuration in the interface view, from the QoS menu.
See the Switch 7700 Command Reference Guide for additional details.
Table 8 Activate ACL

Operation           Command
Activate an ACL     packet-filter inbound { [ ip-group { acl-number | acl-name } [ rule rule ] ] |
                    [ link-group { acl-number | acl-name } [ rule rule ] ] }
Deactivate an ACL   undo packet-filter inbound { [ ip-group { acl-number | acl-name } [ rule rule ] ] |
                    [ link-group { acl-number | acl-name } [ rule rule ] ] }
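
An added example, not part of the original guide: a small Python audit of a command list written in the syntax of Tables 7 and 8. It flags link-group activations that point at a number outside the Layer-2 range 200 to 299, at an ACL that was never defined, or at a rule ID the ACL lacks, and it notes Layer-2 ACLs that no packet-filter activates. The sample commands, the ACL names guest-l2 and lab-l2, and the functions are constructed for illustration.

```python
import re

L2_RANGE = range(200, 300)  # Layer-2 ACL numbers per the guide: 200 to 299

# Constructed sample in the syntax of Tables 7 and 8 (not taken from a real switch).
SAMPLE = """\
acl number 200
rule 0 deny ingress any egress any
acl name guest-l2 link
rule 5 permit ingress any egress any
packet-filter inbound link-group 200 rule 3
packet-filter inbound link-group 1200
packet-filter inbound link-group lab-l2
"""

def is_l2(name):
    # Named ACLs declared with the "link" keyword are Layer-2; numbered ones must be 200-299.
    return not name.isdigit() or int(name) in L2_RANGE

def audit(config):
    """Return findings for a list of commands (hypothetical helper, added example)."""
    acls, active, findings, current = {}, set(), [], None
    for raw in config.splitlines():
        line = raw.strip()  # "undo ..." lines match none of the patterns and are skipped
        if m := re.match(r"acl (?:number (\d+)|name (\S+) link\b)", line):
            current = m.group(1) or m.group(2)
            acls.setdefault(current, set())
        elif (m := re.match(r"rule (?:(\d+) )?(permit|deny)\b", line)) and current:
            acls[current].add(m.group(1))  # None when rule-id is omitted
        elif m := re.match(r"packet-filter inbound link-group (\S+)(?: rule (\d+))?", line):
            name, rule = m.groups()
            if not is_l2(name):
                findings.append(f"{name}: link-group number outside 200-299")
            elif name not in acls:
                findings.append(f"{name}: link-group references undefined ACL")
            else:
                active.add(name)
                if rule and rule not in acls[name]:
                    findings.append(f"{name}: rule {rule} not defined")
    for name in acls:
        if is_l2(name) and name not in active:
            findings.append(f"{name}: no packet-filter activates this ACL")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```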