There is a tricky “new” behavior in Comware7 Layer 3 VLAN ACL processing: the applied ACL filters not only the inter-VLAN routed traffic (as would be expected) but, by default, the intra-VLAN switched traffic as well. This behavior can now be controlled, so the admin can revert to the “expected” behavior:
In the routed context, e.g. the VLAN interface, there is now an option to control whether the ACL is applied to routed traffic only or to routed+switched traffic.
    # Enter Layer3 Vlan Interface
    [HP] interface vlan 10
    # Apply some advanced ACL on the interface
    [HP-Vlan-interface10] packet-filter 3001 inbound
    # Configure packet filter for routed traffic only
    [HP-Vlan-interface10] packet-filter filter route
    # Packet filter for routed+switched traffic in the vlan
    # WARNING: this is the default !
    [HP-Vlan-interface10] packet-filter filter all
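To find where this default is in effect, the following added example (not part of the original post) scans a saved configuration and lists the VLAN interfaces whose ACL also filters switched traffic. The sample text is constructed, and the stanza layout (unindented `interface Vlan-interfaceN`, indented commands, `#` separators, default mode not written out) is an assumption about how the device displays its configuration.

```python
import re

# Constructed sample; the layout is an assumption, not taken from a real device.
SAMPLE_CONFIG = """\
#
interface Vlan-interface10
 packet-filter 3001 inbound
#
interface Vlan-interface20
 packet-filter 3002 inbound
 packet-filter filter route
#
interface Vlan-interface30
 ip address 10.0.30.1 255.255.255.0
#
"""

IFACE_RE = re.compile(r"^interface Vlan-interface(\d+)$", re.IGNORECASE)
ACL_RE = re.compile(r"^packet-filter (?!filter\b)(.+) (inbound|outbound)$")
MODE_RE = re.compile(r"^packet-filter filter (route|all)$")

def audit_vlan_packet_filters(config_text):
    """Map VLAN id -> {"acls": [...], "mode": "route"|"all"} for every VLAN
    interface with a packet-filter applied. Mode is "all" unless the stanza
    sets it, since the post states that "all" is the default."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())      # normalise whitespace
        iface = IFACE_RE.match(line)
        if iface:
            current = stanzas.setdefault(int(iface.group(1)),
                                         {"acls": [], "mode": "all"})
        elif not raw.startswith(" "):     # "#" or any unindented line ends the stanza
            current = None
        elif current is not None:
            acl, mode = ACL_RE.match(line), MODE_RE.match(line)
            if acl:
                current["acls"].append(f"{acl.group(1)} {acl.group(2)}")
            elif mode:
                current["mode"] = mode.group(1)
    return {vlan: s for vlan, s in stanzas.items() if s["acls"]}

def vlans_filtering_switched_traffic(config_text):
    """VLAN ids whose ACL also hits intra-VLAN switched traffic (mode "all")."""
    audit = audit_vlan_packet_filters(config_text)
    return sorted(vlan for vlan, s in audit.items() if s["mode"] == "all")

if __name__ == "__main__":
    for vlan in vlans_filtering_switched_traffic(SAMPLE_CONFIG):
        print(f"Vlan-interface{vlan}: ACL applies to routed and switched traffic")
```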