Operation Manual – ACL
H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration
1.6.4 Example for Applying an ACL to a Port Group
I. Network requirements
PC 1, PC 2 and PC 3 connect to the switch through Ethernet 1/0/1, Ethernet 1/0/2 and
Ethernet 1/0/3 respectively. Ethernet 1/0/1, Ethernet 1/0/2 and Ethernet 1/0/3 are port
members of port group 1. The IP address of the database server is 192.168.1.2. Apply
an ACL to deny packets from PCs in port group 1 to the database server from 8:00 to
18:00 on working days.
II. Network diagram
[Diagram: PC 1, PC 2 and PC 3 on Eth1/0/1, Eth1/0/2 and Eth1/0/3 (port group 1); database server 192.168.1.2]
Figure 1-6 Network diagram for applying an ACL to a port group
III. Configuration procedure
# Define a periodic time range that is active from 8:00 to 18:00 on working days.
<Sysname> system-view
[Sysname] time-range test 8:00 to 18:00 working-day
# Define an ACL to deny packets destined for the database server.
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test
[Sysname-acl-adv-3000] quit
# Create port group 1 and add Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 to
port group 1.
[Sysname] port-group 1
[Sysname-port-group-1] port Ethernet 1/0/1 to Ethernet 1/0/3
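The Python model below is an added example, not part of the H3C manual; it parses the time-range and rule lines defined above and reports whether rule 1 applies to a destination at a given time, so the intended policy can be checked before it is applied. It assumes that a wildcard of 0 matches one host, that working-day means Monday to Friday, and that the range includes 8:00 and excludes 18:00; the function names are hypothetical, and "no-match" means only that this rule does not apply.

```python
import ipaddress
import re
from datetime import datetime, time

# The two lines from the procedure above that define the policy.
TIME_RANGE_LINE = "time-range test 8:00 to 18:00 working-day"
RULE_LINE = "rule 1 deny ip destination 192.168.1.2 0 time-range test"
WORKING_DAYS = {0, 1, 2, 3, 4}  # assumption: working-day = Monday..Friday

def parse_time_range(line):
    """Parse 'time-range NAME H:MM to H:MM working-day' (only this form)."""
    m = re.fullmatch(r"time-range (\S+) (\d+):(\d+) to (\d+):(\d+) working-day", line)
    if not m:
        raise ValueError(f"unsupported time-range: {line!r}")
    h1, m1, h2, m2 = map(int, m.groups()[1:])
    return m.group(1), (time(h1, m1), time(h2, m2))

def parse_rule(line):
    """Parse 'rule ID ACTION ip destination ADDR WILDCARD time-range NAME'."""
    m = re.fullmatch(r"rule (\d+) (deny|permit) ip destination (\S+) (\S+) time-range (\S+)", line)
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    rule_id, action, addr, wildcard, tr_name = m.groups()
    # Wildcard bits set to 1 are ignored; a bare 0 means "match this host only".
    wc = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
    return {"id": int(rule_id), "action": action, "wildcard": wc,
            "addr": int(ipaddress.IPv4Address(addr)), "time_range": tr_name}

def evaluate(rule, ranges, dst_ip, when):
    """Return the rule's action if it applies to dst_ip at `when`, else 'no-match'."""
    start, end = ranges[rule["time_range"]]
    # Assumption: the start time is inclusive and the end time is exclusive.
    active = when.weekday() in WORKING_DAYS and start <= when.time() < end
    care = ~rule["wildcard"] & 0xFFFFFFFF
    hit = (int(ipaddress.IPv4Address(dst_ip)) & care) == (rule["addr"] & care)
    return rule["action"] if active and hit else "no-match"

NAME, SPAN = parse_time_range(TIME_RANGE_LINE)
RANGES = {NAME: SPAN}
RULE = parse_rule(RULE_LINE)

def check(dst_ip, iso_time):
    return evaluate(RULE, RANGES, dst_ip, datetime.fromisoformat(iso_time))

if __name__ == "__main__":
    # Constructed probes: Wednesday in hours, Wednesday evening, Saturday, other host.
    for ip, ts in [("192.168.1.2", "2024-01-03T09:30"), ("192.168.1.2", "2024-01-03T19:00"),
                   ("192.168.1.2", "2024-01-06T10:00"), ("192.168.1.3", "2024-01-03T09:30")]:
        print(ip, ts, check(ip, ts))
```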
# Apply ACL 3000 to port group 1.