1-18
Example for Applying an ACL to a VLAN
Network requirements
PC 1, PC 2 and PC 3 belong to VLAN 10 and connect to the switch through Ethernet 1/0/1,
Ethernet 1/0/2 and Ethernet 1/0/3 respectively. The IP address of the database server is
192.168.1.2. Apply an ACL to deny packets from PCs in VLAN 10 to the database server
from 8:00 to 18:00 in working days.
Network diagram
Figure 1-7 Network diagram for applying an ACL to a VLAN
Eth1/0/1
PC 1 PC 3
Database server
PC 2
VLAN 10
Eth1/0/2
Eth1/0/3
192.168.1.2
Configuration procedure
# Define a periodic time range that is active from 8:00 to 18:00 in working days.
<Sysname> system-view
[Sysname] time-range test 8:00 to 18:00 working-day
# Define an ACL to deny packets destined for the database server.
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test
[Sysname-acl-adv-3000] quit
# Apply ACL 3000 to VLAN 10.
[Sysname] packet-filter vlan 10 inbound ip-group 3000
To Next Page
Loading...
