Packet filtering does not take effect on the outbound orientation of the 7506X-G vlan interface
- 0 Followed
- 0Collected ,42Browsed
Problem Description
7506X-G device, packet filtering configured in the out orientation of the vlan interface, with the downlink port as access, found not effective
Process Analysis
1.1.11.9.4 Apply on the interfaceACLPerform packet filtering
1. Configuration restrictions and guidelines
A maximum of 32 ACLs can be applied for packet filtering in one orientation on an interface.
When applying ACL for packet filtering on the VLAN interface outbound orientation, untagged packets cannot be matched.
User ACL cannot be applied for packet filtering on the interface outbound orientation.
The following limitations apply to LSCM2 series SC boards, SD series interface boards, and SF series interface boards:
Only the host-side VLAN interface supports using expansion AC resources for outbound packet filtering, with a maximum of 200 VLAN interfaces supporting this function.
Using expansion AC resources for outbound packet filtering on a VLAN interface is mutually exclusive with microsegmentation; the latter configuration will not take effect.
Using expansion AC resources for outbound packet filtering on a VLAN interface and executepacket-filter filterThe command is used to configure the mutual exclusion of the function that filters all packets on a VLAN interface. Do not configure them simultaneously.
Solution
Consider performing inbound packet filtering or packet filtering on the physical interface