Wiki

Commands For Vlan-acl

Posted on by admin

Table of Contents

9.10 Commands for VLAN-ACL

9.10.1 clear vacl statistic vlan

Command: clear vacl [in | out] statistic vlan [<1-4094>] Function: This command clears the VACL statistics.
Parameters:

  • in | out: clear the traffic statistic of the ingress/egress.
  • vlan <1-4094>: VLAN which needs to clear the VACL statistics. If a VLAN ID is not entered, then clear all VLAN statistics.

Command mode: Admin Mode
Default: None.
Usage guide: This command clears the VACL statistics.
Example:? Clear VACL statistics of Vlan1.

active500EM#clear vacl statistic vlan 1

 

9.10.2 show vacl vlan

Command: show vacl [in | out] vlan [<1-4094>] | [begin | include | exclude <regular-expression>] Function: This command shows the VACL configuration and the statistics.
Parameters:

  • in | out: display ingress/egress configuration and statistics.
  • vlan <1-4094>: VLAN which needs to show the configuration and the VACL statistics. If the VLAN ID is not entered, then show the VACL configuration and statistics of all VLANs.
  • begin | include | exclude <regular-expression>: regular expression
    • . : match any characters except the line feed character.
    • ^: match the beginning of the row.
    • $: match the end of the row.
    • |: match the character string at the left or right of upright line.
    • [0-9]: match the number 0 to the number 9.
    • [a-z]: match the lowercase a to z.
    • [aeiou]: match any letter in ?aeiou?.
    • : Escape Character is used to match the intervocalic character, for example, $ will match the $ character, but it will not match the end of the character string.
    • w: match the letter, number, or the underline.
    • b: match the beginning or the end of the words.
    • W: match any characters which are not an alphabet letter, number, or underline.
    • B: match the locations which are not the begin or end of the word.
    • [^x]: match any characters except x.
    • [^aeiou]: match any characters except those that include the letters aeiou.
    • *: repeat zero times or many times.
    • +: repeat one time or many times.
    • (n): repeat n times.
    • (n,): repeat n or more times.
    • (n, m): repeat n to m times.
  • At present, the regular expression used does not support the following syntaxes:
    • s: match the blank character.
    • d: match the number.
    • S: match any characters except blank character.
    • D: match non-number character.
    • ?: repeat zero times or one time.

Command mode: Admin Mode
Default: None.
Usage guide: This command shows the VACL configuration and the statistics.
Example: Show VACL configuration and statistics for vlan 2 and vlan 3.

active500EM(config)#show vacl vlan 2
Vlan 2:
IP Ingress access-list used is 100, traffic-statistics Disable.
active500EM(config)#show vacl vlan 3
Vlan 3:
IP Ingress access-list used is myacl, packet(s) number is 5.
Displayed Information Explanation
Vlan 2 The VLAN name
100, myacl The VACL name
traffic-statistics Disable Disable VACL statistic function
packet(s) number is 5 The sum of the out-profile data packets matching this VACL

 

9.10.3 vacl ip access-group

Command: vacl ip access-group {<1-299> | WORD} {in | out} [traffic-statistic] vlan WORD
no vacl ip access-group {<1-299> | WORD} {in | out} vlan WORD
Function: This command configures the IP VACL on the specific VLAN.
Parameters:

  • <1-299> | WORD: configure the numeric IP ACL (include: standard ACL rule <1-99>, extended ACL rule <100-299>) or the named ACL.
  • in | out: filter the ingress/egress traffic.
  • traffic-statistic: enable the matched packet number statistics.
  • vlan WORD: VLAN will be bound to the VACL.

Command mode: Global Mode
Default: None.
Usage guide: Use ?;? or ?-? to input the VLAN or multi-VLANs. Do not exceed 128. The CLI length can not exceed 80 characters. The IP ACL that match the tcp/udp range can not be bound to the VLAN egress direction.
Example: Configure the numeric IP ACL and enable the statistic function for Vlan 1-5, 6, 7-9.

active500EM(config)#vacl ip access-group 1 in traffic-statistic vlan 1-5; 6; 7-9

 

9.10.4 vacl ipv6 access-group

Command: vacl ipv6 access-group (<500-699> | WORD) {in | out } (traffic-statistic|) vlan WORD
no ipv6 access-group {<500-699> | WORD} {in | out } vlan WORD
Function: This command configures the IPv6 VACL on the specific VLAN.
Parameters:

  • <500-699> | WORD: configure the numeric IP ACL (include: IPv6 standard ACL rule <500-599>, IPv6 extended ACL rule <600-699>), or the named ACL.
  • in | out : filter the ingress/egress traffic.
  • traffic-statistic: enable the matched packets number statistics.
  • vlan WORD: the VLAN will be bound to VACL.

Command mode: Global Mode
Default: None.
Usage guide: Use ?;? or ?-? to input the VLAN or multi-VLANs. Do not exceed 128. The CLI length cannot exceed 80 characters. IPv6 ACL that match the flowlabel can not be bound to the VLAN egress direction.
Example: Configure the numeric IPv6 ACL for Vlan 5.

active500EM(config)#vacl ipv6 access-group 600 in traffic-statistic vlan 5

 

9.10.5 vacl mac access-group

Command: vacl mac access-group {<700-1199> | WORD} {in | out } [traffic-statistic] vlan WORD
no vacl mac access-group {<700-1199> | WORD} {in | out } vlan WORD
Function: This command configures MAC type VACL on the specific VLAN.
Parameters:

  • <700-1199> | WORD: configure the numeric IP ACL (include: <700-799> MAC standard access list, <1100-1199> MAC extended access list) or the named ACL.
  • in | out : filter the ingress/egress traffic.
  • traffic-statistic: enable the matched packets number statistics.
  • vlan WORD: the VLAN will be bound to VACL.

Command mode: Global Mode
Default: None.
Usage guide: Use ?;? or ?-? to input the VLAN or multi-VLANs. Do not exceed 128. The CLI length cannot exceed 80 characters.
Example: Configure the numeric MAC ACL for Vlan 1-5.

active500EM(config)#vacl mac access-group 700 in traffic-statistic vlan 1-5

 

9.10.6 vacl mac-ip access-group

Command: vacl mac-ip access-group {<3100-3299> | WORD} {in | out } [traffic-statistic] vlan WORD
no vacl mac-ip access-group {<3100-3299> | WORD} {in | out } vlan WORD
Function: This command configures the MAC-IP type VACL on the specific VLAN.
Parameters:

  • <3100-3299> | WORD: configure the numeric IP ACL or the named ACL.
  • in | out : filter the ingress/egress traffic.
  • traffic-statistic: enable the matched packets number statistics.
  • vlan WORD: the VLAN will be bound to VACL.

Command mode: Global Mode
Default: None.
Usage guide: Use ?;? or ?-? to input the VLAN or multi-VLANs. Do not exceed 128. The CLI length cannot exceed 80 characters. MAC-IP ACL that matches the tcp/udp range can not be bound to the VLAN Egress direction.
Example: Configure the numeric MAC-IP ACL for Vlan 1, 2, 5.

active500EM(config)#vacl mac-ip access-group 3100 in traffic-statistic vlan 1;2;5

 

Return to Controller Wired CLI Table of Contents