Operation Manual – ACL
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1
ACL Configuration
[H3C] acl number 2000
# Define a rule that denies packets whose source IP address is 10.1.1.1, and apply the
time range to the rule.
[H3C-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test
[H3C-acl-basic-2000] quit
3) Apply the ACL on the port
# Apply ACL 2000 on the port.
[H3C] interface gigabitethernet1/1/1
[H3C-GigabitEthernet1/1/1] packet-filter inbound ip-group 2000
1.9.2 Advanced ACL Configuration Example
I. Network requirements
The networks of different departments of an enterprise are interconnected through a
switch. The IP address of the wage query server is 192.168.1.2. The network of the
R&D department is connected to GigabitEthernet1/1/1 of the switch. Apply an ACL to
deny requests sourced from the R&D department and destined for the wage query server
during working hours (8:00 to 18:00).
II. Network diagram
[Diagram: the R&D Dept, the Wage query server (192.168.1.2) and the link "To router" each connect to the Switch; the switch ports are labelled #1, #2 and #3.]
Figure 1-2 Network diagram for advanced ACL configuration
III. Configuration procedure
Note:
Only the commands related to the ACL configuration are listed below.
1) Define the time range
# Define a periodic time range that is active from 8:00 to 18:00 on each working day.
<H3C> system-view
[H3C] time-range test 8:00 to 18:00 working-day
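
The following Python model is an added example, not part of the original manual. It shows when a rule bound to the time range defined above is in force, using a rule of the same shape as rule 1 of ACL 2000 earlier on this page. Assumptions: working-day means Monday to Friday, the range is evaluated as start <= t < end, and all function names and sample timestamps are constructed for illustration.

```python
from datetime import datetime, time
from ipaddress import IPv4Address

# Assumption: "working-day" means Monday to Friday, and the range is
# treated as start <= t < end on the switch's own clock.
WORKING_DAYS = range(0, 5)  # datetime.weekday(): Monday=0 ... Friday=4


def time_range_active(now, start=time(8, 0), end=time(18, 0), days=WORKING_DAYS):
    """Model of `time-range test 8:00 to 18:00 working-day`."""
    return now.weekday() in days and start <= now.time() < end


def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: bits set to 0 in the wildcard must be equal."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care


def evaluate(src, now, rules):
    """Return the action of the first active matching rule, else 'no-match'."""
    for rule in rules:
        if rule["timed"] and not time_range_active(now):
            continue  # a rule bound to an inactive time range is skipped
        if wildcard_match(src, rule["source"], rule["wildcard"]):
            return rule["action"]
    return "no-match"


# Constructed model of: rule 1 deny source 10.1.1.1 0 time-range test
# (the "0" wildcard is 0.0.0.0, i.e. exactly one host)
ACL_2000 = [{"action": "deny", "source": "10.1.1.1",
             "wildcard": "0.0.0.0", "timed": True}]

if __name__ == "__main__":
    samples = [  # constructed timestamps
        ("10.1.1.1", datetime(2024, 3, 4, 9, 30)),   # Monday, inside range
        ("10.1.1.1", datetime(2024, 3, 4, 18, 30)),  # Monday, after 18:00
        ("10.1.1.1", datetime(2024, 3, 9, 12, 0)),   # Saturday
        ("10.1.1.2", datetime(2024, 3, 4, 9, 30)),   # different host
    ]
    for src, ts in samples:
        print(src, ts.strftime("%a %H:%M"), evaluate(src, ts, ACL_2000))
```

A "no-match" result means the timed deny rule did not apply; what happens to the packet then depends on the other rules in the ACL and on the switch's default action. Because the range is checked against the switch's own clock, a wrong system time shifts the window in which the deny is enforced.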