ACL Configuration Example 179
[3Com-Ethernet2/1/1] packet-filter inbound ip-group traffic-of-host
Layer 2 ACL
Configuration Example
Network requirements
With proper Layer 2 ACL configuration, during the time range from 8:00 to 18:00
everyday the switch filters the packets with source MAC 00e0-fc01-0101 and
destination MAC 00e0-fc01-0303 (configuring at the port Ethernet2/1/1 to the
switch.)
Network diagram
Figure 40 Network diagram for Layer 2 ACL configuration
Configuration procedure
n
Only the commands concerning ACL configuration are listed here.
1 Define the time range.
# Define the time range from 8:00 to 18:00.
[SW8800] time-range 3Com 8:00 to 18:00 daily
2 Define a user-defined flow template
[SW8800] flow-template user-defined slot 2 ethernet-protocol smac 0-0-0 dmac
0-0-0
3 Define the traffic with source MAC 00e0-fc01-0101 and destination MAC
00e0-fc01-0303.
# Create a name-based Layer 2 ACL "traffic-of-link" and enter it.
[SW8800] acl name traffic-of-link link
# Define an ACL rule for the traffic with the source MAC address of
00e0-fc01-0101 and the destination MAC address of 00e0-fc01-0303.
[3Com-acl-link-traffic-of-link] rule 1 deny ingress 00e0-fc01-0101 0-0-0
egress 00e0-fc01-0303 0-0-0 time-range 3Com
[3Com-acl-link-traffic-of-link] quit
4 Apply the user-defined flow template to the port and activate the ACL.
# Apply the user-defined flow template to Ethernet2/1/1.
[SW8800] interface Ethernet2/1/1
[3Com-Ethernet2/1/1] flow-template user-defined
# Activate the ACL "traffic-of-link".
Switch
#1
To route
To Next Page
Loading...
