To do...
Clear statistics on one or all IPv6
basic and advanced ACLs
ACL configuration examples
IPv4 ACL application configuration example
Network requirements
As shown in
Device A so that every day from 08:00 to 18:00 the interface allows only packets sourced from Host A to
pass. Configure Device A to output packet filtering logs to the console at 10-minute intervals.
Figure 1 Network diagram for applying an IPv4 ACL to an interface for packet filtering
Host A
192.168.1.2/24
Host B
192.168.1.3/24
Configuration procedure
# Create a time range from 08:00 to 18:00 every day.
<DeviceA> system-view
[DeiceA] time-range study 8:00 to 18:00 daily
# Create IPv4 ACL 2009, and configure two rules in the ACL. One rule permits packets sourced from
Host A at 192.168.1.2 and the other rule denies packets sourced from any other host during the time
range study. Enable logging for both rules.
[DeviceA] acl number 2009
[DeviceA-acl-basic-2009] rule permit source 192.168.1.2 0 time-range study logging
[DeviceA-acl-basic-2009] rule deny source any time-range study logging
[DeviceA-acl-basic-2009] quit
# Apply IPv4 ACL 2009 to filter incoming packets on GigabitEthernet 1/0/1.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] packet-filter 2009 inbound
[DeviceA-GigabitEthernet1/0/1] quit
# Enable the device to generate and output IPv4 packet filtering logs at 10-minute intervals.
[DeviceA] acl logging frequence 10
# Configure the device to output informational log messages to the console.
[DeviceA] info-center source default channel 0 log level informational
Use the command...
reset acl ipv6 counter { acl6-number | all |
name acl6-name }
Figure
1, apply an ACL to the inbound direction of interface GigabitEthernet 1/0/1 on
GE1/0/1
Device A
IP network
12
Remarks
Available in user view