Advanced Acl Configuration Example - H3C S7500 Series Operation Manual
Hide thumbs
Also See for S7500 Series:
- Installation manual (79 pages) ,
- Operation manual (47 pages) ,
- Command manual (39 pages)
Table of Contents
Advertisement
Operation Manual – ACL
H3C S7500 Series Ethernet Switches
III. Configuration procedure
Note:
Only the commands related to the ACL configuration are listed below.
1)
Define the time range
# Define a periodic time range that takes effect from 8:00 to 18:00 everyday.
<H3C> system-view
[H3C] time-range test 8:00 to 18:00 daily
2)
Define an ACL for packets with the source IP address of 10.1.1.1.
# Create ACL 2000 and enter ACL 2000 view.
[H3C] acl number 2000
# Define an access rule to deny packets with their source IP addresses being 10.1.1.1.
[H3C-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test
[H3C-acl-basic-2000] quit
3)
Apply the ACL on the port
# Apply ACL 2000 on the port.
[H3C] interface Ethernet2/0/1
[H3C-Ethernet2/0/1] qos
[H3C-qoss-Ethernet2/0/1] packet-filter inbound ip-group 2000
1.11.2 Advanced ACL Configuration Example
I. Network requirements
Different departments of an enterprise are interconnected on the intranet through the
ports of a switch. The IP address of the wage query server is 192.168.1.2. Devices of
the R&D department are connected to Ethernet2/0/1 of the switch. Apply an ACL to
deny requests sourced from the R&D department and destined for the wage server
during the working hours (8:00 to 18:00) of the working days.
1-23
Chapter 1 ACL Configuration
Advertisement
Chapters
Table of Contents
Troubleshooting
