Layer 2 Acl Configuration Example; Example For Applying An Acl To A Vlan - H3C S5100-SI Operation Manual

Layer 2 ACL Configuration Example

Network requirements
PC 1 and PC 2 connect to the switch through GigabitEthernet 1/0/1. PC1's MAC address is
0011-0011-0011. Apply an ACL to filter packets with the source MAC address of 0011-0011-0011 and
the destination MAC address of 0011-0011-0012 from 8:00 to 18:00 everyday.
Network diagram
Figure 1-5 Network diagram for Layer 2 ACL
Configuration procedure
# Define a periodic time range that is active from 8:00 to 18:00 everyday.
<Sysname> system-view
[Sysname] time-range test 8:00 to 18:00 daily
# Define ACL 4000 to filter packets with the source MAC address of 0011-0011-0011 and the destination
MAC address of 0011-0011-0012.
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule 1 deny source 0011-0011-0011 ffff-ffff-ffff dest
0011-0011-0012 ffff-ffff-ffff time-range test
[Sysname-acl-ethernetframe-4000] quit
# Apply ACL 4000 on GigabitEthernet 1/0/1.
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] packet-filter inbound link-group 4000

Example for Applying an ACL to a VLAN

Network requirements
PC1, PC2 and PC3 belong to VLAN 10 and connect to the switch through GigabitEthernet 1/0/1,
GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 respectively. The IP address of the database server is
192.168.1.2. Apply an ACL to deny packets from PCs in VLAN 10 to the database server from 8:00 to
18:00 in working days.
1-15