Operation Manual – ACL
Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1
ACL Configuration
Huawei Technologies Proprietary
1-20
Note:
Only the commands related to the ACL configuration are listed below.
1) Define the time range
# Define the time range from 8:00 to 18:00.
<Quidway> system-view
[Quidway] time-range test 8:00 to 18:00 daily
2) Define an ACL for packets with the source IP address of 10.1.1.1.
# Create ACL 2000.
[Quidway] acl number 2000
# Define an access rule to deny packets with their source IP addresses being 10.1.1.1.
[Quidway-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test
[Quidway-acl-basic-2000] quit
3) Apply the ACL on the port
# Apply ACL 2000 on the port.
[Quidway] interface gigabitethernet1/0/1
[Quidway-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000
1.9.3 Layer 2 ACL Configuration Example
I. Network requirements
Through Layer 2 ACL configuration, packets with the source MAC address of
00e0-fc01-0101 and destination MAC address of 00e0-fc01-0303 are to be filtered
within the time range from 8:00 to 18:00 everyday. Apply this ACL on
GigabitEthernet1/0/1 port.
II. Network diagram
Switch
#1
To router
Figure 1-3 Network diagram for Layer 2 ACL configuration
III. Configuration procedure
To Next Page
Loading...
