H3C S7500 Series Operation Manual page 682

Operation Manual – ACL
H3C S7500 Series Ethernet Switches
II. Network diagram
R&D
Department
Figure 1-2 Network diagram for advanced ACL configuratio
III. Configuration procedure
Note:
Only the commands related to the ACL configuration are listed below.
1) Define the time range
# Define a periodic time range that takes effect from 8:00 to 18:00 every working day.
<H3C> system-view
[H3C] time-range test 8:00 to 18:00 working-day
2) Define an ACL for filtering requests destined for the wage server.
# Create ACL 3000 and enter ACL 3000 view.
[H3C] acl number 3000
# Define an ACL rule for requests destined for the wage server.
[H3C-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test
[H3C-acl-adv-3000] quit
3) Apply the ACL on a port.
# Apply ACL 3000 on Ethernet 2/0/1.
[H3C] interface Ethernet2/0/1
[H3C-Ethernet2/0/1] qos
[H3C-qoss-Ethernet2/0/1] packet-filter inbound ip-group 3000
To the router
Eth2/0/1 Eth2/0/2
Switch
1-24
Chapter 1 ACL Configuration
Wage query server
192.168.1.2
n