packet-filter
Use packet-filter to apply an ACL to an interface to filter packets.
Use undo packet-filter to remove an ACL from an interface.
Syntax
packet-filter [ ipv6 ] { acl-number | name acl-name } { inbound | outbound } [ hardware-count ]
undo packet-filter [ ipv6 ] { acl-number | name acl-name } { inbound | outbound }
Default
An interface does not filter packets.
Views
Layer 2 Ethernet interface view, VLAN interface view
Predefined user roles
network-admin
Parameters
ipv6: Specifies IPv6 ACLs.
acl-number: Specifies an ACL by its number.
2000 to 2999 for basic ACLs.
3000 to 3999 for advanced ACLs.
4000 to 4999 for Ethernet frame header ACLs. You cannot specify an Ethernet frame header ACL if the ipv6 keyword is specified.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter.
inbound: Filters incoming packets.
outbound: Filters outgoing packets.
hardware-count: Enables counting ACL rule matches performed in hardware. This keyword enables match counting for all rules in an ACL, and the counting keyword in the rule command enables match counting specific to rules. If the hardware-count keyword is not specified, rule matches for the ACL are not counted.
Examples
# Apply IPv4 basic ACL 2001 to filter incoming traffic on GigabitEthernet 1/0/1, and enable counting ACL rule matches performed in hardware.
<Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] packet-filter 2001 inbound hardware-count
Related commands
display packet-filter
display packet-filter statistics
display packet-filter verbose