Advanced Acl Configuration Example - H3C S9500 Series Operation Manual

Operation Manual – ACL
H3C S9500 Series Routing Switches
2) Define the traffic with source IP 10.1.1.1.
# Create a name-based basic ACL named traffic-of-host.
[H3C] acl name traffic-of-host basic
# Define an ACL rule for the ACL.
[H3C-acl-basic-traffic-of-host] rule 1 deny source 10.1.1.1 0 time-range test
[H3C-acl-basic-traffic-of-host] quit
3) Activate the ACL.
# Activate the ACL.
[H3C] interface ethernet2/1/1
[H3C-Ethernet2/1/1] packet-filter inbound ip-group traffic-of-host

1.4.2 Advanced ACL Configuration Example

I. Network requirements
A company deploys two VLANs in the intranet. The research and development
(R&D) department belongs to VLAN 10 (10.10.10.0/24) and the human resource
(HR) department belongs to VLAN 11 (10.11.11.0/24).
PCs in the R&D department are connected to GigabitEthernet 2/1/1 through
GigabitEthernet 2/1/4 of the switch. PCs in the HR department are connected to
GigabitEthernet 3/1/1 through GigabitEthernet 3/1/5.
The wage server (Server in the figure), whose IP address is 10.11.11.11/24, is in
the HR department.
The requirement is to configure an ACL that prevents the R&D department, except for
PCs 10.10.10.2/24 and 10.10.10.3/24, from accessing the wage server from 8:00
to 18:00 every working day.
II. Network diagram
Figure 1-2 Network diagram for advanced ACL configuration
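
The requirement above, modelled as an ordered rule list so the intended policy can be checked before it is written as switch configuration. This is an added example, not configuration from the H3C manual; the rule layout, first-match evaluation in listed order, forwarding of unmatched packets, Monday-to-Friday working days and an exclusive 18:00 end time are assumptions.

```python
from datetime import datetime, time
from ipaddress import IPv4Address, ip_network

SERVER = "10.11.11.11"  # wage server from the requirement

# Ordered rules: (action, source, source wildcard, destination, time-limited).
# Hypothetical model of the requirement, not H3C syntax.
RULES = [
    ("permit", "10.10.10.2", "0.0.0.0", SERVER, False),
    ("permit", "10.10.10.3", "0.0.0.0", SERVER, False),
    ("deny", "10.10.10.0", "0.0.0.255", SERVER, True),
]

def wildcard_match(addr, base, wildcard):
    """Bits set in the wildcard are ignored; all other bits must be equal."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care

def in_time_range(when):
    """08:00 to 18:00 on Monday to Friday (assumed: end time exclusive)."""
    return when.weekday() < 5 and time(8, 0) <= when.time() < time(18, 0)

def evaluate(src, dst, when, rules=RULES):
    """Return the action of the first active rule that matches the packet."""
    for action, r_src, r_wild, r_dst, timed in rules:
        if timed and not in_time_range(when):
            continue  # a time-limited rule is inactive outside its range
        if dst == r_dst and wildcard_match(src, r_src, r_wild):
            return action
    return "permit"  # assumption: unmatched packets are forwarded

def permitted_rd_hosts(when, rules=RULES):
    """List the R&D addresses that can reach the wage server at `when`."""
    hosts = ip_network("10.10.10.0/24").hosts()
    return [str(h) for h in hosts if evaluate(str(h), SERVER, when, rules) == "permit"]

if __name__ == "__main__":
    monday_9am = datetime(2024, 1, 8, 9, 0)  # constructed sample timestamp
    print(permitted_rd_hosts(monday_9am))
    print(evaluate("10.10.10.2", SERVER, monday_9am, RULES[::-1]))
```

With the rule order reversed, 10.10.10.2 is denied along with the rest of the subnet, so the match order in effect on the device has to be confirmed before relying on a rule set like this.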
Chapter 1 ACL Configuration
