22
b. Create a rule to match packets from the R&D department to the salary server in
the time range:
[AC-acl-adv-3000] rule 0 permit ip source any destination 192.168.1.2
0.0.0.0 time-range trname
[AC-acl-adv-3000] quit
3. Apply the ACL
Apply IPv4 ACL 3000 to filter incoming packets on interface WLAN-ESS 1.
[AC] traffic classifier test
[AC-classifier-test] if-match acl 3000
[AC-classifier-test] quit
[AC] traffic behavior test
[AC-behavior-test] filter deny
[AC-behavior-test] quit
[AC] qos policy test
[AC-qospolicy-test] classifier test behavior test
[AC-qospolicy-test] quit
[AC] interface WLAN-ESS 1
[AC-WLAN-ESS1] qos apply policy test inbound
IPv6 ACL configuration example
Network requirements
Perform IPv6 packet filtering in the inbound direction of interface WLAN-ESS 1 to deny all
IPv6 packets but those with source addresses in the range 4050::9000 to 4050::90FF.
Configuration procedure
1. Create an IPv6 ACL:
<Sysname> system-view
[Sysname] acl ipv6 number 2000
[Sysname-acl6-basic-2000] rule deny source 4050::9000 120
[Sysname-acl6-basic-2000] rule permit source any
[Sysname-acl6-basic-2000] quit
2. Configure a traffic classifier:
[Sysname] traffic classifier ipv6-2000
[Sysname-classifier-ipv6-2000] if-match acl ipv6 2000
[Sysname-classifier-ipv6-2000] quit
3. Configure a traffic behavior:
[Sysname] traffic behavior deny
[Sysname-behavior-deny] filter deny
[Sysname] quit
4. Configure a QoS policy:
To Next Page
Loading...
