How Can I Apply an ACL to an Interface?

An ACL cannot be directly applied to an interface. You can use either of the following methods to associate an ACL with a service module (traffic policy or simplified traffic policy), and apply the ACL to an interface:

The following commands are only for you reference. You should comply with the command line syntax of the version running on your device.

Since V200R009, traffic policy can be applied to VLANIF interfaces only on the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S.

• Method 1: Apply a traffic policy to an interface.

  1. Configure a traffic classifier.
     1. Run the traffic classifier classifier-name [ operator { and | or } ] [ precedence precedence-value ] command in the system view to enter the traffic classifier view.
     2. Run the if-match acl { acl-number | acl-name } command to apply an ACL to the traffic classifier.

  2. Configure a traffic behavior.

     Run the traffic behavior behavior-name command in the system view to create a traffic behavior and enter the traffic behavior view.

  3. Configure a traffic action.

     There are two actions for packet filtering: deny and permit. For other traffic actions, see Configuration Guide - QoS of the corresponding product version.

  4. Configure a traffic policy.

     1. Run the traffic policy policy-name [ match-order { auto | config } ] command in the system view to create a traffic policy and enter the traffic policy view.

     2. Run the classifier classifier-name behavior behavior-name command to configure a traffic behavior for the specified traffic classifier in the traffic policy. That is, bind the traffic behavior to the classifier.

  5. Apply the traffic policy.

     Run the traffic-policy policy-name { inbound | outbound } command in the interface view to apply the traffic policy.

• Method 2: Apply a simplified traffic policy to an interface.

  Run the following commands in the interface view:

  • Packet filtering based on ACL

    • traffic-filter inbound acl xxx
    • traffic-filter outbound acl xxx
    • traffic-secure inbound acl xxx

  • Traffic policing based on ACL

    • traffic-limit inbound acl xxx
    • traffic-limit outbound acl xxx

  • Redirection based on ACL

    traffic-redirect inbound acl xxx

  • Re-mark based on ACL

    • traffic-remark inbound acl xxx
    • traffic-remark outbound acl xxx

  • Traffic statistics collection based on ACL

    • traffic-statistic inbound acl xxx
    • traffic-statistic outbound acl xxx

  • Traffic mirroring based on ACL

    traffic-mirror inbound acl xxx