How Can I Apply an ACL to a VLAN?

You can use either of the following methods to associate an ACL with a service module (traffic policy or simplified traffic policy), and apply the ACL to a VLAN:

The following commands are only for you reference. You should comply with the command line syntax of the version running on your device.

• Method 1: Apply a traffic policy to a VLAN.

  1. Configure a traffic classifier.
     1. Run the traffic classifier classifier-name [ operator { and | or } ] [ precedence precedence-value ] command in the system view to enter the traffic classifier view.
     2. Run the if-match acl { acl-number | acl-name } command to apply an ACL to the traffic classifier.

  2. Configure a traffic behavior.

     Run the traffic behavior behavior-name command in the system view to create a traffic behavior and enter the traffic behavior view.

  3. Configure a traffic action.

     There are two actions for packet filtering: deny and permit. For other traffic actions, see Configuration Guide - QoS of the corresponding product version.

  4. Configure a traffic policy.

     1. Run the traffic policy policy-name [ match-order { auto | config } ] command in the system view to create a traffic policy and enter the traffic policy view.

     2. Run the classifier classifier-name behavior behavior-name command to configure a traffic behavior for the specified traffic classifier in the traffic policy. That is, bind the traffic behavior to the classifier.

  5. Apply the traffic policy.

     Run the traffic-policy policy-name { inbound | outbound } command in the VLAN view to apply the traffic policy.

• Method 2: Apply the simplified traffic policy with the specified VLAN ID globally.

  Run the following commands in the system view:

  • Packet filtering based on ACL

    • traffic-filter vlan vlan-id inbound acl xxx
    • traffic-filter vlan vlan-id outbound acl xxx
    • traffic-secure vlan vlan-id inbound acl xxx

  • Traffic policing based on ACL

    • traffic-limit vlan vlan-id inbound acl xxx
    • traffic-limit vlan vlan-id outbound acl xxx

  • Redirection based on ACL

    traffic-redirect vlan vlan-id inbound acl xxx

  • Re-mark based on ACL

    • traffic-remark vlan vlan-id inbound acl xxx
    • traffic-remark vlan vlan-id outbound acl xxx

  • Traffic statistics collection based on ACL

    • traffic-statistic vlan vlan-id inbound acl xxx
    • traffic-statistic vlan vlan-id outbound acl xxx

  • Traffic mirroring based on ACL

    traffic-mirror vlan vlan-id inbound acl xxx