apply interface-address(ACL address pool view)

Function

The apply interface-address command associates an interface IP address with an address pool.

The undo apply interface-address command disassociates an interface IP address from an address pool.

By default, an address pool is not associated with any interface IP address.

Format

apply interface-address { main-interface | sub-interface | all-interface } [ public-vpn | all-private-vpn | vpn-instance VpnInstanceName ]

undo apply interface-address { main-interface | sub-interface | all-interface } [ public-vpn | all-private-vpn | vpn-instance VpnInstanceName ]

Parameters

Parameter Description Value
main-interface

Associates the IP addresses of all main interfaces with an address pool.

-
sub-interface

Associates the IP addresses of all sub-interfaces with an address pool.

-
all-interface

Associates all interface IP addresses with an address pool.

-
public-vpn

Associates all public IP addresses of an interface with an address pool.

-
all-private-vpn

Associates all private IP addresses of an interface with an address pool.

-
vpn-instance VpnInstanceName

Associates a single private IP address of an interface with an address pool.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported. The VPN instance name cannot be _public_. When double quotation marks are used around the string, spaces are allowed in the string.

Views

ACL address pool view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
acl write

Usage Guidelines

Usage Scenario

To filter packets whose source or destination IP address is the IP address of the local interface, run the apply interface-address command to associate the interface IP address with the ACL address pool and configure QoS or security services to reference the ACL. In this way, the traffic whose source/destination address is the IP address of the local interface is filtered.

Multiple IP addresses can be configured in the ACL address pool view and then referenced by ACL rules. After an ACL address pool is associated with an interface address, if the IP address of the interface changes, the IP address in the ACL address pool changes accordingly. This simplifies user configuration and improves flexibility.

Precautions

In the ACL address pool view, the associated interface IP address is mutually exclusive with the manually configured IP address. You can only run the apply interface-address or ip address command.

The IP address of the management interface cannot be applied to the ACL address pool.

Example

# Associate the ACL address pool with all interface IP addresses and a single private IP address.
<HUAWEI> system-view
[~HUAWEI] ip vpn-instance vpn1
[*HUAWEI-vpn-instance-vpn1] ipv4-family
[*HUAWEI-vpn-instance-vpn1-af-ipv4] quit
[*HUAWEI-vpn-instance-vpn1] quit
[*HUAWEI] acl ip-pool test
[*HUAWEI-acl-ip-pool-test] apply interface-address all-interface vpn-instance vpn1
Parent Topic: ACL Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >