H3C S3100 Series Operation Manual

For Soliton - ACL

Operation Manual (For Soliton) - ACL
H3C S3100 Series Ethernet Switches
Chapter 1 ACL Configuration ... 1-1
1.1 ACL Overview ... 1-1
1.1.1 ACL Matching Order ... 1-2
1.1.2 Ways to Apply an ACL on a Switch ... 1-3
1.2 ACL Configuration ... 1-4
1.2.1 Configuring Time Range ... 1-4
1.2.2 Configuring Basic ACL ... 1-5
1.2.3 Configuring Advanced ACL ... 1-7
1.2.4 Configuring Layer 2 ACL ... 1-8
1.2.5 Configuring an IPv6 ACL ... 1-10
1.3 ACL Assignment ... 1-12
1.3.1 Assigning an ACL Globally ... 1-13
1.3.2 Assigning an ACL to a VLAN ... 1-13
1.3.3 Assigning an ACL to a Port Group ... 1-14
1.3.4 Assigning an ACL to a Port ... 1-15
1.4 Displaying ACL Configuration ... 1-16
1.5 Example for Upper-Layer Software Referencing ACLs ... 1-16
1.5.1 Example for Controlling Telnet Login Users by Source IP ... 1-16
1.5.2 Example for Controlling Web Login Users by Source IP ... 1-17
1.6 Example for Applying ACLs to Hardware ... 1-18
1.6.1 Basic ACL Configuration Example ... 1-18
1.6.2 Advanced ACL Configuration Example ... 1-19
1.6.3 Layer 2 ACL Configuration Example ... 1-19
1.6.4 IPv6 ACL Configuration Example ... 1-20
1.6.5 Example for Applying an ACL to a Port Group ... 1-21


Summary of Contents for H3C S3100 Series

  • Page 1: Table of Contents

    1.1 ACL Overview ... 1-1
    1.1.1 ACL Matching Order ... 1-2
    1.1.2 Ways to Apply an ACL on a Switch ... 1-3
    1.1.3 Types of ACLs Supported by S3100 Series Ethernet Switches ... 1-3
    1.2 ACL Configuration ... 1-4
    1.2.1 Configuring Time Range ... 1-4
    1.2.2 Configuring Basic ACL ...
  • Page 2: Chapter 1 ACL Configuration

    “and” operation with the mask on the basis of packet headers. Note: S3100 Series Ethernet switches match IPv6 packets by user-defined ACLs. In the following sections, user-defined ACLs are referred to as IPv6 ACLs. For details about IPv6 ACL, refer to section 1.2.5 Configuring an IPv6...
  • Page 3: ACL Matching Order

    1.1.1 ACL Matching Order
    An ACL can contain multiple rules, each of which matches a specific type of packet. So the order in which the rules of an ACL are matched needs to be determined.
  • Page 4: Ways to Apply an ACL on a Switch

    In this case, the rules in an ACL are matched in the order determined by the hardware instead of that defined in the ACL. For H3C S3100 series Ethernet switches, the earlier the rule applies, the higher the match priority.
  • Page 5: ACL Configuration

    Absolute time range, which takes effect only in a period of time and does not recur. Note: An absolute time range on an H3C S3100 Series Ethernet switch can be within the range 1970/1/1 00:00 to 2100/12/31 24:00. I. Configuration procedure...
  • Page 6: Configuring Basic ACL

    If only an absolute time section is defined in a time range, the time range is active only when the system time is within the defined absolute time section. If multiple absolute time sections are defined in a time range, the time range is active only when the system time is within one of the absolute time sections.
  • Page 7

    The source IP addresses based on which the ACL filters packets are determined.
    II. Configuration procedure
    Table 1-2 Define a basic ACL rule
    Operation Command...
  • Page 8: Configuring Advanced ACL

    Basic ACL 2000, 1 rule
    Acl's step is 1
    rule 0 deny source 192.168.0.1 0

    1.2.3 Configuring Advanced ACL
    An advanced ACL can filter packets by their source and destination IP addresses, the protocols carried by IP, and protocol-specific features such as TCP/UDP source and destination ports, ICMP message type and message code.
  • Page 9: Configuring Layer 2 ACL

    Operation: Assign a description string to the ACL
    Command: description text
    Description: Optional. No description by default.
    Note that: With the config match order specified for the advanced ACL, you can modify any existing rule.
  • Page 10

    A Layer 2 ACL can be numbered from 4000 to 4999.
    I. Configuration prerequisites
    To configure a time range-based Layer 2 ACL rule, you need to create the corresponding time ranges first.
  • Page 11: Configuring an IPv6 ACL

    1.2.5 Configuring an IPv6 ACL
    You can match IPv6 packets by IPv6 ACLs to process IPv6 data flows as required. S3100 Series Ethernet switches support matching the following fields:
    dscp: Matches the traffic class field in IPv6 packets.
    ip-protocol: Matches the next header field in IPv6 packets.
  • Page 12

    II. Configuration procedure
    Table 1-5 Define an IPv6 ACL rule
    Operation | Command | Description
    Enter system view | system-view | —
    Required By default, no IPv6 ACL template is configured.
  • Page 13: ACL Assignment

    current greatest rule number is 65534, however, the system will display an error message and you need to specify a number for the rule. The content of a modified or created rule cannot be identical with the content of any existing rule of the ACL;...
  • Page 14: Assigning an ACL Globally

    Caution: In terms of priority, the ACLs assigned globally, ACLs assigned to a VLAN and ACLs assigned to a port group (or a port) rank in descending order. If a packet matches...
  • Page 15: Assigning an ACL to a Port Group

    II. Configuration procedure
    Table 1-7 Assign an ACL to a VLAN
    Operation | Command | Description
    Enter system view | system-view | —
    Apply an ACL to a... | packet-filter vlan | Required
  • Page 16: Assigning an ACL to a Port

    Note: After an ACL is assigned to a port group, it will be automatically assigned to the ports that are subsequently added to the port group.
  • Page 17: Displaying ACL Configuration

    <Sysname> system-view
    [Sysname] interface Ethernet 1/0/1
    [Sysname-Ethernet1/0/1] packet-filter inbound ip-group 2000

    1.4 Displaying ACL Configuration
    After the above configuration, you can execute the display commands in any view to view the ACL running information and verify the configuration.
  • Page 18: Example for Controlling Web Login Users by Source IP

    II. Network diagram
    Figure 1-1 Network diagram for controlling Telnet login users by source IP (labels: Internet, Switch, 10.110.100.52)
    III. Configuration procedure
    # Define ACL 2000.
  • Page 19: Example for Applying ACLs to Hardware

    [Sysname] acl number 2001
    [Sysname-acl-basic-2001] rule 1 permit source 10.110.100.46 0
    [Sysname-acl-basic-2001] quit
    # Reference ACL 2001 to control users logging in to the Web server.
  • Page 20: Advanced ACL Configuration Example

    1.6.2 Advanced ACL Configuration Example
    I. Network requirements
    Different departments of an enterprise are interconnected through a switch. The IP address of the wage query server is 192.168.1.2. The R&D department is connected to Ethernet 1/0/1 of the switch.
  • Page 21: IPv6 ACL Configuration Example

    II. Network diagram
    Figure 1-5 Network diagram for Layer 2 ACL
    III. Configuration procedure
    # Define a periodic time range that is active from 8:00 to 18:00 every day.
  • Page 22: Example for Applying an ACL to a Port Group

    II. Network diagram
    Figure 1-6 Network diagram for IPv6 ACL configuration
    III. Configuration procedure
    # Define a periodic time range that is active from 8:00 to 18:00 every day.
  • Page 23

    II. Network diagram
    Figure 1-7 Network diagram for applying an ACL to a port group (labels: Database server 192.168.1.2, Eth1/0/1, Eth1/0/2, Eth1/0/3, Port group 1, PC 1, PC 2, PC 3)
    III.
