Operation Manual – ACL
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1
ACL Configuration
2) Define an ACL rule for packets with the source MAC address of 000f-e20f-0101
and destination MAC address of 000f-e20f-0303.
# Create ACL 4000 or enter ACL 4000 view.
[H3C] acl number 4000
# Define an ACL rule to deny packets with the source MAC address of 000f-e20f-0101 and destination MAC address of 000f-e20f-0303, specifying the time range named test for the ACL rule.
[H3C-acl-ethernetframe-4000] rule 1 deny source 000f-e20f-0101 ffff-ffff-ffff dest 000f-e20f-0303 ffff-ffff-ffff time-range test
[H3C-acl-ethernetframe-4000] quit
3) Apply the ACL on GigabitEthernet1/1/1.
# Apply the ACL on GigabitEthernet1/1/1.
[H3C] interface GigabitEthernet1/1/1
[H3C-GigabitEthernet1/1/1] packet-filter inbound link-group 4000
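
The following is an added example, not part of the original manual or of H3C's software: a small Python model of how rule 1 of ACL 4000 decides whether a frame is denied. It assumes that bits set in the MAC mask are the bits compared (so ffff-ffff-ffff is an exact match, as the rule description above implies), that the time range end is exclusive, and it uses a constructed 8:00 to 18:00 window because the definition of time range "test" is not shown in this section. All function and variable names are hypothetical.

```python
from datetime import time

HEX = set("0123456789abcdef")

def parse_mac(text):
    """Parse an H-H-H MAC address or mask (e.g. 000f-e20f-0101) to a 48-bit int."""
    groups = text.lower().split("-")
    if len(groups) != 3 or any(len(g) != 4 or not set(g) <= HEX for g in groups):
        raise ValueError(f"not in H-H-H format: {text!r}")
    return int("".join(groups), 16)

def mac_matches(addr, rule_addr, mask):
    """Compare only the bits set in the mask (assumption: 1 bits are compared)."""
    m = parse_mac(mask)
    return parse_mac(addr) & m == parse_mac(rule_addr) & m

# Rule 1 of ACL 4000 as configured above.
RULE_1 = {
    "action": "deny",
    "source": ("000f-e20f-0101", "ffff-ffff-ffff"),
    "dest": ("000f-e20f-0303", "ffff-ffff-ffff"),
}

# Constructed stand-in for time range "test" (its definition is not in this section).
TEST_WINDOW = (time(8, 0), time(18, 0))

def evaluate(rule, src, dst, now, window):
    """Return the rule's action if the frame matches while the window is active."""
    start, end = window
    if not (start <= now < end):  # assumption: the end of the range is exclusive
        return "no-match"         # the rule is not in effect outside its time range
    if mac_matches(src, *rule["source"]) and mac_matches(dst, *rule["dest"]):
        return rule["action"]
    return "no-match"

if __name__ == "__main__":
    # Constructed sample frames: (source MAC, destination MAC, time of day).
    frames = [
        ("000f-e20f-0101", "000f-e20f-0303", time(9, 30)),
        ("000f-e20f-0101", "000f-e20f-0303", time(19, 0)),
        ("000f-e20f-0102", "000f-e20f-0303", time(9, 30)),
    ]
    for src, dst, now in frames:
        print(src, dst, now, evaluate(RULE_1, src, dst, now, TEST_WINDOW))
```

A "no-match" result only means this rule did not apply to the frame; what the switch then does with it depends on the other rules applied to the port.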
1.9.4 User-Defined ACL Configuration Example
I. Network requirements
Apply an ACL on Ethernet1/0/1 to deny all the TCP packets within the time range from
8:00 to 18:00 every day.
II. Network diagram
[Diagram labels: Switch; #1; To router]
Figure 1-4 Network diagram for user-defined ACL configuration
III. Configuration procedure
Note:
Only the commands related to the ACL configuration are listed below.
1) Define the time range.
# Define a periodic time range that is active from 8:00 to 18:00 every day.
[H3C] time-range aaa 8:00 to 18:00 daily