Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

Figure 2 Network diagram

Configuration procedure

# Create a time range named study; set it to be active from 08:00 to 18:00 every day.

<Switch> system-view

[Switch] time-range study 8:00 to 18:00 daily

# Configure VLAN 2, and assign interface GigabitEthernet 3/0/1 to this VLAN.

[Switch] vlan 2

[Switch-vlan2] port GigabitEthernet 3/0/1

[Switch-vlan2] quit

# Configure a basic IPv4 ACL 2009.

[Switch] acl number 2009

# Create an ACL rule to deny IPv4 packets sourced from 192.168.1.2/32, and configure the rule to log
packet filtering events and count rule matches.

[Switch-acl-basic-2009] rule 5 deny source 192.168.1.2 0 time-range study logging counting

[Switch-acl-basic-2009] quit

# Enable the switch to generate and output IPv4 packet filtering logs at 10-minute intervals.

[Switch] acl logging frequence 10

# Apply ACL 2009 to filter incoming packets on VLAN-interface 2.

[Switch] interface vlan-interface 2

[Switch-Vlan-interface2] ip address 192.168.1.1 24

[Switch-Vlan-interface2] packet-filter 2009 inbound

[Switch-Vlan-interface2] quit

# Configure the switch to output informational log messages to the console.

[Switch] info-center source default channel 0 log level informational

# Edit ACL rule 5 in ACL 2009 to deny IPv4 packets sourced from 192.168.1.3/32. The rule takes effect
on VLAN-interface 2 immediately after the modification. (The switch supports dynamic modification of
ACLs in use.)

[Switch] acl number 2009

[Switch-acl-basic-2009] rule 5 deny source 192.168.1.3 0

[Switch-acl-basic-2009] quit
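
The following Python model is an added example, not part of the H3C manual or the switch software. It shows how the original rule 5 (`deny source 192.168.1.2 0 time-range study`) evaluates packets: the wildcard mask decides which source bits must match, and the rule only blocks while the time range is active. The class and function names, the half-open treatment of the 08:00 to 18:00 boundary, and the default permit action for unmatched packets are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time

@dataclass
class BasicRule:
    """One basic (source-only) ACL rule, modelled on rule 5 of ACL 2009."""
    rule_id: int
    action: str            # "permit" or "deny"
    source: str
    wildcard: str          # the page's "0" is shorthand for 0.0.0.0 (host)
    start: time = None     # daily time-range bounds; None = always active
    end: time = None
    matches: int = 0       # what the "counting" keyword accumulates

    def active(self, now):
        # Assumption: the range is treated as start <= now < end.
        return self.start is None or self.start <= now < self.end

    def hits(self, src):
        # Wildcard mask: a 0 bit must match, a 1 bit is "don't care".
        care = ~int(ipaddress.IPv4Address(self.wildcard)) & 0xFFFFFFFF
        a = int(ipaddress.IPv4Address(src))
        b = int(ipaddress.IPv4Address(self.source))
        return (a & care) == (b & care)

def packet_filter(rules, src, now, default="permit"):
    """First active matching rule decides; otherwise the default applies.
    Assumption: unmatched packets are permitted."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.active(now) and rule.hits(src):
            rule.matches += 1
            return rule.action
    return default

def demo():
    rule5 = BasicRule(5, "deny", "192.168.1.2", "0.0.0.0", time(8), time(18))
    # Constructed sample traffic: (source address, time of day).
    traffic = [("192.168.1.2", time(9, 30)), ("192.168.1.2", time(19, 0)),
               ("192.168.1.3", time(9, 30)), ("192.168.1.2", time(17, 59))]
    verdicts = [packet_filter([rule5], s, t) for s, t in traffic]
    return verdicts, rule5.matches

if __name__ == "__main__":
    print(demo())
```

In this model the 19:00 packet from 192.168.1.2 is not denied, because a time-limited deny rule leaves the host unfiltered outside the configured window.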
