Table of Contents
Advertisement
<device> system-view
[device] time-range test 8:00 to 18:00 daily
# Define ACL 4000 to filter packets with the source MAC address of 000f-e20f-0101 and the destination
MAC address of 000f-e20f-0303.
[device] acl number 4000
[device-acl-ethernetframe-4000] rule 1 deny source 000f-e20f-0101 ffff-ffff-ffff dest
000f-e20f-0303 ffff-ffff-ffff time-range test
[device-acl-ethernetframe-4000] quit
# Apply ACL 4000 on GigabitEthernet 1/0/1.
[device] interface GigabitEthernet1/0/1
[device-GigabitEthernet1/0/1] packet-filter inbound link-group 4000
Example for Applying an ACL to a VLAN
Network requirements
As shown in
Figure
GigabitEthernet 1/0/1, GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 respectively. The IP address of
the database server is 192.168.1.2. Apply an ACL to deny packets from PCs in VLAN 10 to the
database server from 8:00 to 18:00 in working days.
Figure 1-6 Network diagram for applying an ACL to a VLAN
GEth1/0/1
GEth 1/0/2
VLAN 10
PC1
Configuration procedure
# Define a periodic time range that is active from 8:00 to 18:00 in working days.
<device> system-view
[device] time-range test 8:00 to 18:00 working-day
# Define an ACL to deny packets destined for the database server.
[device] acl number 3000
[device-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test
[device-acl-adv-3000] quit
1-6, PC1, PC2 and PC3 belong to VLAN 10 and connect to the device through
Database Server
192.168.1.2
GEth 1/0/3
PC 2
PC 3
1-15
- Quick Links:
- Cli Configuration
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
