Huawei Quidway S3700 Series Configuration Manual page 260

Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
1.
2.
3.
4.
5.
Data Preparation
To complete the configuration, you need the following data:
l
l
l
l
Procedure
Step 1 Configure an ACL.
# Configure a customized ACL.
[Quidway] acl 5000
[Quidway-acl-user-5000] rule deny l2-head 0x0180C200 0xFFFFFFFF 14
[Quidway-acl-user-5000] quit
Step 2 # Configure a traffic classifier based on the customized ACL.
# Configure the traffic classifier tc1 to classify the packets that match ACL 5000.
[Quidway] traffic classifier tc1
[Quidway-classifier-tc1] if-match acl 5000
[Quidway-classifier-tc1] quit
Step 3 Configure a traffic behavior.
# Configure the traffic behavior tb1 to reject packets.
[Quidway] traffic behavior tb1
[Quidway-behavior-tb1] deny
[Quidway-behavior-tb1] quit
Step 4 Configure a traffic policy.
# Define the traffic policy and associate the traffic classifier and traffic behavior with the traffic
policy.
[Quidway] traffic policy tp1
[Quidway-trafficpolicy-tp1] classifier tc1 behavior tb1
[Quidway-trafficpolicy-tp1] quit
Step 5 Apply the traffic policy to an interface.
# Apply the traffic policy to GE 0/0/2.
[Quidway] interface gigabitethernet 0/0/2
[Quidway-GigabitEthernet0/0/2] traffic-policy tp1 inbound
[Quidway-GigabitEthernet0/0/2] quit
Step 6 Verify the configuration.
# Check the configuration of the ACL rule.
Issue 01 (2011-07-15)
Configure an ACL.
Configure a traffic classifier.
Configure a traffic behavior.
Configure a traffic policy.
Apply the traffic policy to an interface.
ACL number
ACL rule
Names of the traffic classifier, traffic behavior, and traffic policy
Interface that the traffic policy is applied to
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
10 ACL Configuration
247