Example For Applying An Acl To A Port Group - H3C S3100 Series Operation Manual

<Sysname> system-view
[Sysname] time-range test 8:00 to 18:00 daily
# Set the port to trust the 802.1p (CoS) priority in received packets.
[Sysname] priority trust
# Define an IPv6 ACL template to match the source address and destination address fields in IPv6
packets.
[Sysname] ipv6-acl-template src-ip dest-ip
# Create an IPv6 ACL and configure a rule for the ACL, denying packets from 3001::1/64 to 3002::1/64.
[Sysname] acl number 5000
[Sysname-acl-user-5000] rule deny src-ip 3001::1 64 dest-ip 3002::1 64 time-range test
[Sysname-acl-user-5000] quit
# Apply the ACL to port Ethernet 1/0/1.
[Sysname] interface Ethernet1/0/1
[Sysname-Ethernet1/0/1] packet-filter inbound user-group 5000

Example for Applying an ACL to a Port Group

Network requirements
PC 1, PC 2 and PC 3 connect to the switch through Ethernet 1/0/1, Ethernet 1/0/2 and Ethernet 1/0/3
respectively. Ethernet 1/0/1, Ethernet 1/0/2 and Ethernet 1/0/3 are port members of port group 1. The IP
address of the database server is 192.168.1.2. Apply an ACL to deny packets from PCs in port group 1
to the database server from 8:00 to 18:00 in working days.
Network diagram
Figure 1-7 Network diagram for applying an ACL to a port group
Eth1/0/1
Port group 1
PC 1
Configuration procedure
# Define a periodic time range that is active from 8:00 to 18:00 in working days.
<Sysname> system-view
[Sysname] time-range test 8:00 to 18:00 working-day
Database server
192.168.1.2
Eth1/0/3
Eth1/0/2
PC 2 PC 3
1-19