16-3
If you execute the display acl command to display the information about the ACLs, the device outputs
packet filtering statistics except those that have been displayed by the command during that interval.
ACL Application Examples
ACL Application to an Ethernet Interface
Network requirements
As shown in Figure 16-1, apply an ACL to the inbound direction of interface GigabitEthernet 1/0/1 on
Device A so that the interface denies IPv4 packets sourced from Host A from 8:00 to 18:00 everyday.
Configure the device to output log information about how many packets are filtered by this ACL to the
console at an interval of 10 minutes.
Figure 16-1 Network diagram for applying an ACL to an interface for filtering
IP network
GE1/0/1
Host A
192.168.1.2/24
Device A
Host B
192.168.1.3/24
Configuration procedure
# Create a time range named study, setting it to become active from 08:00 to 18:00 everyday.
<DeviceA> system-view
[DeviceA] time-range study 8:00 to 18:00 daily
# Create basic IPv4 ACL 2009.
[DeviceA] acl number 2009
# Create a basic IPv4 ACL rule to deny packets sourced from 192.168.1.2/32 during time range study.
[DeviceA-acl-basic-2009] rule deny source 192.168.1.2 0 time-range study
[DeviceA-acl-basic-2009] quit
# Apply ACL 2009 to the inbound direction of interface GigabitEthernet 1/0/1.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] packet-filter 2009 inbound
[DeviceA-GigabitEthernet1/0/1] quit
# Set the interval for packet filtering statistics to 10 minutes.
[DeviceA] acl logging frequence 10
# Configure a system information output rule to output log information with severity being
informational to the console.
To Next Page
Loading...
