packet-filter

Use packet-filter to apply an ACL to an interface to filter packets.

Use undo packet-filter to remove an ACL from an interface.

Syntax

packet-filter [ ipv6 ] { acl-number | name acl-name } { inbound | outbound } [ hardware-count ]

undo packet-filter [ ipv6 ] { acl-number | name acl-name } { inbound | outbound }

Default

An interface does not filter packets.

Views

Layer 2 Ethernet interface view, VLAN interface view

Predefined user roles

network-admin

Parameters

ipv6: Specifies IPv6 ACLs.

acl-number: Specifies an ACL by its number.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter.

inbound: Filters incoming packets.

outbound: Filters outgoing packets.

hardware-count: Enables counting ACL rule matches performed in hardware. This keyword enables match counting for all rules in an ACL, and the counting keyword in the rule command enables match counting specific to rules. If the hardware-count keyword is not specified, rule matches for the ACL are not counted.

Examples

# Apply IPv4 basic ACL 2001 to filter incoming traffic on GigabitEthernet 1/0/1, and enable counting ACL rule matches performed in hardware.

<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] packet-filter 2001 inbound hardware-count

Related commands