Operation Manual – QoS/ACLH3C S9500 Series Routing Switches Chapter 1 ACL Configuration1-11Table 1-11 Define Layer 2 ACLsOperation CommandEnter Layer 2 ACL view(system view)acl { number acl-number | name acl-name link }[ match-order { config | auto } ]Define an ACL rule (in Layer2 ACL view)rule [ rule-id ] { permit | deny } [ cos cos-value |c-tag-cos c-cos-value | exp exp-value |protocol-type| ingress { { source-vlan-id [ tosource-vlan-id-end ] | source-mac-addrsource-mac-wildcard | c-tag-vlan c-tag-valnid }*|any } | egress { dest-mac-addr dest-mac-wildcard |any } | s-tag-vlan s-tag-vlanid | time-range name ]*Delete an ACL rule (Layer 2ACL view) undo rule rule-idDelete an ACL or all ACLs(system view)undo acl { number acl-number | name acl-name |all }1.2.4 Activating ACLAfter defining an ACL, you must activate it. This configuration activates those ACLs tofilter or classify the packets forwarded by hardware.For interface cards, perform the following configurations in Ethernet port view.Table 1-12 Activate ACLOperation CommandActivate IP group ACL packet-filter inbound ip-group { acl-number |acl-name } [ rule rule [ system-index index ] ]Deactivate IP group ACL undo packet-filter inbound ip-group { acl-number |acl-name } [ rule rule ]Activate IP group ACLand link group ACL atsame timepacket-filter inbound ip-group { acl-number |acl-name } { rule rule link-group { acl-number |acl-name } [ rule rule [ system-index index ] ] |link-group { acl-number | acl-name } rule rule }Deactivate IP group ACLand link group ACL atsame timeundo packet-filter inbound ip-group { acl-number |acl-name } { rule rule link-group { acl-number |acl-name } [ rule rule ] | link-group { acl-number |acl-name } rule rule }Activate link group ACL packet-filter inbound link-group { acl-number |acl-name } [ rule rule [ system-index index ] ]Deactivate link groupACLundo packet-filter inbound link-group { acl-number |acl-name } [ rule rule ]For service processor cards, perform the following configurations in VLAN view.
