Huawei Quidway S9300 Configuration Manual page 287

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
5.
Data Preparation
To complete the configuration, you need the following data:
l
l
l
l
l
Procedure
Step 1 Configure an ACL.
# Configure the required layer 2 ACL.
[Quidway] acl 4000
[Quidway-acl-ethernetframe-4000] rule deny source-mac 00e0-f201-0101 ffff-ffff-
ffff dest-mac 0260-e207-0002 ffff-ffff-ffff
[Quidway-acl-ethernetframe-4000] quit
Step 2 Configure the traffic classifier that is based on the ACL.
# Configure the traffic classifier tc1 to classify packets that match ACL 4000.
[Quidway] traffic classifier tc1
[Quidway-classifier-tc1] if-match acl 4000
[Quidway-classifier-tc1] quit
Step 3 Configure the traffic behavior.
# Configure the traffic behavior tb1 to reject packets.
[Quidway] traffic behavior tb1
[Quidway-behavior-tb1] deny
[Quidway-behavior-tb1] quit
Step 4 Configure the traffic policy.
# Configure the traffic policy tp1 and associate tc1 and tb1 with the traffic policy.
[Quidway] traffic policy tp1
[Quidway-trafficpolicy-tp1] classifier tc1 behavior tb1
[Quidway-trafficpolicy-tp1] quit
Step 5 Apply the traffic policy.
# Apply the traffic policy tp1 to GE 2/0/1.
Issue 06 (2010–01–08)
Configure the ACL.
Configure the traffic classifier.
Configure the traffic behavior.
Configure the traffic policy.
Apply the traffic policy to an interface.
ACL ID and rules
Name of the traffic classifier and classification rules
Name of the traffic behavior and actions
Name of the traffic policy, and traffic classifier and traffic behavior associated with the
traffic policy
Interface that a traffic policy is applied to
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11 ACL Configuration
11-21