Acl Application To A Vlan Interface - H3C S5120-EI Series Operation Manual

[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] packet-filter 2009 inbound
[DeviceA-GigabitEthernet1/0/1] quit
# Set the interval for packet filtering statistics to 10 minutes.
[DeviceA] acl logging frequence 10
# Configure a system information output rule to output log information with severity being
informational to the console.
[DeviceA] info-center source default channel 0 log level informational

ACL Application to a VLAN Interface

Network requirements
As shown in Figure
Device A so that the interface denies IPv4 packets sourced from Host A from 14:00 to 18:00 of the
working days, and allows packets traveling between Host A and Host B.
Figure 4-2 Network diagram for applying an ACL to a VLAN interface for filtering
Host A
192.168.1.2
Vlan-int100
192.168.1.1
Host B
192.168.1.3
Configuration procedure
# Create a time range named study, setting it to become active from 08:00 to 18:00 of the working
days.
<DeviceA> system-view
[DeviceA] time-range study 14:00 to 18:00 working-day
# Create basic IPv4 ACL 2010.
[DeviceA] acl number 2010
# Create a basic IPv4 ACL rule to deny packets sourced from 192.168.1.2/32 during time range study.
[DeviceA-acl-basic-2009] rule deny source 192.168.1.2 0 time-range study
[DeviceA-acl-basic-2009] quit
# Apply ACL 2010 to the inbound direction of interface VLAN-interface 100,
[DeviceA] interface vlan-interface 100
[DeviceA-Vlan-interface100] packet-filter 2010 inbound
4-2, apply an ACL to the inbound direction of interface VLAN-interface 100 on
Server
192.168.5.100
4-4