User-Defined Acl Configuration Example; Example For Applying An Acl To A Vlan - 3Com E4500-24 Cli Configuration Manual

User-defined ACL Configuration Example

Network requirements
As shown in Figure
1/0/2 respectively. They belong to VLAN 1 and access the Internet through the same gateway, which
has an IP address of 192.168.0.1 (the IP address of VLAN-interface 1).
Configure a user-defined ACL to deny all ARP packets from PC 1 that use the gateway IP address as
the source address from 8:00 to 18:00 everyday.
Network diagram
Figure 1-6 Network diagram for user-defined ACL
Configuration procedure
# Define a periodic time range that is active from 8:00 to 18:00 everyday.
<Sysname> system-view
[Sysname] time-range test 8:00 to 18:00 daily
# Define ACL 5000 to deny any ARP packet whose source IP address is 192.168.0.1 from 8:00 to 18:00
everyday (provided that VLAN-VPN is not enabled on any port). In the ACL rule, 0806 is the ARP
protocol number, ffff is the mask of the rule, 16 is the protocol type field offset of the internally processed
Ethernet frame, c0a80001 is the hexadecimal form of 192.168.0.1, and 32 is the source IP address field
offset of the internally processed ARP packet.
[Sysname] acl number 5000
[Sysname-acl-user-5000] rule 1 deny 0806 ffff 16 c0a80001 ffffffff 32 time-range test
# Apply ACL 5000 on Ethernet 1/0/1.
[Sysname] interface Ethernet1/0/1
[Sysname-Ethernet1/0/1] packet-filter inbound user-group 5000

Example for Applying an ACL to a VLAN

Network requirements
PC 1, PC 2 and PC 3 belong to VLAN 10 and connect to the switch through Ethernet 1/0/1, Ethernet
1/0/2 and Ethernet 1/0/3 respectively. The IP address of the database server is 192.168.1.2. Apply an
ACL to deny packets from PCs in VLAN 10 to the database server from 8:00 to 18:00 in working days.
1-6, PC 1 and PC 2 are connected to the switch through Ethernet 1/0/1 and Ethernet
1-15