Operation Manual – ACL
Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1
ACL Configuration
Huawei Technologies Proprietary
1-19
Note:
Only the commands related to the ACL configuration are listed below.
1) Define the time range
# Define a time range that contain a periodic time section from 8:00 to 18:00.
<Quidway> system-view
[Quidway] time-range test 8:00 to 18:00 working-day
2) Define an ACL for filtering requests destined for the wage server.
# Create ACL 3000.
[Quidway] acl number 3000
# Define an ACL rule for requests destined for the wage server.
[Quidway-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 255.255.255.0
time-range test
[Quidway-acl-adv-3000] quit
3) Apply the ACL on the port.
# Apply ACL 3000 on the port.
[Quidway] interface gigabitethernet1/0/1
[Quidway-GigabitEthernet1/0/1] packet-filter inbound ip-group 3000
1.9.2 Basic ACL Configuration Example
I. Network requirements
Through basic ACL configuration, packets from the host with the source IP address of
10.1.1.1 (the host is connected to the switch through GigabitEthernet1/0/1 port) are to
be filtered within the time range from 8:00 to 18:00 everyday.
II. Network diagram
Switch
#1
To router
Figure 1-2 Network diagram for basic ACL configuration
III. Configuration procedure
To Next Page
Loading...
