Example for applying an acl to a port group, Network requirements, Network diagram – H3C Technologies H3C S3100 Series Switches User Manual

Page 576: Configuration procedure


<Sysname> system-view

[Sysname] time-range test 8:00 to 18:00 daily

# Set the port to trust the 802.1p (CoS) priority in received packets.

[Sysname] priority trust

# Define an IPv6 ACL template to match the source address and destination address fields in IPv6 packets.

[Sysname] ipv6-acl-template src-ip dest-ip

# Create an IPv6 ACL and configure a rule for the ACL, denying packets from 3001::1/64 to 3002::1/64.

[Sysname] acl number 5000

[Sysname-acl-user-5000] rule deny src-ip 3001::1 64 dest-ip 3002::1 64 time-range test

[Sysname-acl-user-5000] quit

# Apply the ACL to port Ethernet 1/0/1.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] packet-filter inbound user-group 5000

Example for Applying an ACL to a Port Group

Network requirements

PC 1, PC 2 and PC 3 connect to the switch through Ethernet 1/0/1, Ethernet 1/0/2 and Ethernet 1/0/3 respectively. Ethernet 1/0/1, Ethernet 1/0/2 and Ethernet 1/0/3 are member ports of port group 1. The IP address of the database server is 192.168.1.2. Apply an ACL to deny packets from the PCs in port group 1 to the database server from 8:00 to 18:00 on working days.

Network diagram

Figure 1-7 Network diagram for applying an ACL to a port group

(Diagram labels: PC 1, PC 2 and PC 3 on Eth1/0/1, Eth1/0/2 and Eth1/0/3 in port group 1; database server 192.168.1.2.)

Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 on working days.

<Sysname> system-view

[Sysname] time-range test 8:00 to 18:00 working-day
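The two examples differ only in the time-range keyword (daily versus working-day), which changes when the deny rule is in force. The following Python sketch is an added example, not part of the H3C manual; it models both rules so the effective windows can be checked offline. Assumptions: working-day means Monday to Friday, the start time is inclusive and the end time exclusive, and the PC source addresses and sample dates are constructed.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Day sets for the two time-range keywords used on this page (Monday = 0).
DAYS = {"daily": set(range(7)), "working-day": set(range(5))}


def in_time_range(when, start, end, days):
    """True if `when` falls inside a periodic range such as
    'time-range test 8:00 to 18:00 working-day'.
    Assumption: start is inclusive and end is exclusive."""
    return when.weekday() in DAYS[days] and start <= when.time() < end


def rule_denies(rule, src, dst, when):
    """Evaluate one deny rule; an inactive time range disables the rule."""
    if not in_time_range(when, rule["start"], rule["end"], rule["days"]):
        return False
    src_ok = rule["src"] is None or ip_address(src) in rule["src"]
    dst_ok = rule["dst"] is None or ip_address(dst) in rule["dst"]
    return src_ok and dst_ok


# ACL 5000 from the first example: 3001::1/64 -> 3002::1/64, daily.
IPV6_RULE = {
    "src": ip_network("3001::1/64", strict=False),
    "dst": ip_network("3002::1/64", strict=False),
    "start": time(8, 0), "end": time(18, 0), "days": "daily",
}
# Port-group requirement: any PC -> database server, working days only.
DB_RULE = {
    "src": None,
    "dst": ip_network("192.168.1.2/32"),
    "start": time(8, 0), "end": time(18, 0), "days": "working-day",
}

if __name__ == "__main__":
    # Constructed sample times: a Wednesday morning, a Saturday morning,
    # and a Wednesday evening.
    for stamp in ("2024-01-10 09:30", "2024-01-13 09:30", "2024-01-10 19:00"):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        v6 = rule_denies(IPV6_RULE, "3001::25", "3002::80", when)
        db = rule_denies(DB_RULE, "192.168.1.10", "192.168.1.2", when)
        print(stamp, when.strftime("%a"), "ipv6 deny:", v6, "db deny:", db)
```

Outside the time range the deny rule is inactive, so the database server is reachable from the port group on evenings and weekends unless another rule covers those hours.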
