Acl Configuration Examples; Ipv4 Acl Application Configuration Example - HP A5120 EI Series Configuration Manual

To do...
Clear statistics on one or all IPv6
basic and advanced ACLs

ACL configuration examples

IPv4 ACL application configuration example

Network requirements
As shown in
Device A so that every day from 08:00 to 18:00 the interface allows only packets sourced from Host A to
pass. Configure Device A to output packet filtering logs to the console at 10-minute intervals.
Figure 1 Network diagram for applying an IPv4 ACL to an interface for packet filtering
Host A
192.168.1.2/24
Host B
192.168.1.3/24
Configuration procedure
# Create a time range from 08:00 to 18:00 every day.
<DeviceA> system-view
[DeiceA] time-range study 8:00 to 18:00 daily
# Create IPv4 ACL 2009, and configure two rules in the ACL. One rule permits packets sourced from
Host A at 192.168.1.2 and the other rule denies packets sourced from any other host during the time
range study. Enable logging for both rules.
[DeviceA] acl number 2009
[DeviceA-acl-basic-2009] rule permit source 192.168.1.2 0 time-range study logging
[DeviceA-acl-basic-2009] rule deny source any time-range study logging
[DeviceA-acl-basic-2009] quit
# Apply IPv4 ACL 2009 to filter incoming packets on GigabitEthernet 1/0/1.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] packet-filter 2009 inbound
[DeviceA-GigabitEthernet1/0/1] quit
# Enable the device to generate and output IPv4 packet filtering logs at 10-minute intervals.
[DeviceA] acl logging frequence 10
# Configure the device to output informational log messages to the console.
[DeviceA] info-center source default channel 0 log level informational
Use the command...
reset acl ipv6 counter { acl6-number | all |
name acl6-name }
Figure 1, apply an ACL to the inbound direction of interface GigabitEthernet 1/0/1 on
GE1/0/1
Device A
IP network
12
Remarks
Available in user view