H3C S9500 Series Operation Manual page 1121

Operation Manual – ACL
H3C S9500 Series Routing Switches
[H3C-acl-link-traffic-of-link] quit
4) Apply the user-defined flow template to the port and activate the ACL.
# Apply the user-defined flow template to Ethernet 2/1/1.
[H3C] interface ethernet2/1/1
[H3C-Ethernet2/1/1] flow-template user-defined
# Activate the ACL named traffic-of-link.
[H3C-Ethernet2/1/1] packet-filter inbound link-group traffic-of-link
1.4.4 Configuration Example of Layer 2 ACL for Filtering ARP Packets
I. Network requirements
The switch acts as a gateway and a PC is attached to it. The PC attacks the switch by
sending a large quantity of ARP packets, burdening the switch CPU.
Configure the switch to drop ARP packets from the PC. Assume that the source MAC
address of the PC is 010A-E201-0101.
II. Network diagram
Figure 1-4 Network diagram for Layer 2 ACL configuration (for filtering ARP packets)
III. Configuration procedure
1) Configure a Layer 2 ACL and define the ACL rule.
<H3C> system-view
[H3C] acl number 4000
[H3C-acl-link-4000] rule 0 deny arp ingress 010a-e201-0101 0-0-0
[H3C-acl-link-4000] quit
2) Enter port view of Ethernet 2/1/1, and apply the ACL on the port.
[H3C] interface ethernet 2/1/1
[H3C-Ethernet2/1/1] packet-filter inbound link-group 4000 rule 0
1.4.5 Example of BT Traffic Control Configuration
I. Network requirements
BitTorrent (BT) is a kind of shared software for file download. Its feature is as follows:
The more people are using it to download a file, the faster the file downloads. While BT
1-19
Chapter 1 ACL Configuration