Example for applying an ACL to a VLAN – H3C Technologies H3C WX3000 Series Unified Switches User Manual

# Define ACL 4000 to filter packets with the source MAC address of 000f-e20f-0101 and the destination MAC address of 000f-e20f-0303.

[device] acl number 4000

[device-acl-ethernetframe-4000] rule 1 deny source 000f-e20f-0101 ffff-ffff-ffff dest 000f-e20f-0303 ffff-ffff-ffff time-range test

[device-acl-ethernetframe-4000] quit

# Apply ACL 4000 on GigabitEthernet 1/0/1.

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] packet-filter inbound link-group 4000

Example for Applying an ACL to a VLAN

Network requirements

As shown in Figure 36-6, PC1, PC2 and PC3 belong to VLAN 10 and connect to the device through GigabitEthernet 1/0/1, GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 respectively. The IP address of the database server is 192.168.1.2. Apply an ACL to deny packets from PCs in VLAN 10 to the database server from 8:00 to 18:00 on working days.

Figure 36-6 Network diagram for applying an ACL to a VLAN (PC1, PC2 and PC3 in VLAN 10 on GEth1/0/1, GEth1/0/2 and GEth1/0/3; database server at 192.168.1.2)

Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 on working days.

<device> system-view

[device] time-range test 8:00 to 18:00 working-day

# Define an ACL to deny packets destined for the database server.

[device] acl number 3000

[device-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test

[device-acl-adv-3000] quit

# Apply ACL 3000 to VLAN 10.

[device] packet-filter vlan 10 inbound ip-group 3000
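The following Python model is an added example, not part of the H3C manual. It shows which packets the three commands above drop, so the resulting coverage can be reviewed: the rule is active only inside the time range, the wildcard `0` matches the single host 192.168.1.2, and the filter is bound to VLAN 10 only. It assumes that the end of the time range is exclusive and that packets matching no active rule are forwarded; the function names and sample packets are constructed for illustration.

```python
from datetime import datetime, time
from ipaddress import IPv4Address

# Values taken from the configuration above.
TIME_RANGE_TEST = (time(8, 0), time(18, 0))  # time-range test 8:00 to 18:00 working-day
ACL_3000 = [  # (action, destination, wildcard, time range)
    ("deny", IPv4Address("192.168.1.2"), IPv4Address("0.0.0.0"), TIME_RANGE_TEST),
]
FILTERED_VLAN = 10  # packet-filter vlan 10 inbound ip-group 3000


def time_range_active(rng, when):
    """working-day means Monday to Friday. Assumption: the end time is exclusive."""
    start, end = rng
    return when.weekday() < 5 and start <= when.time() < end


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; a wildcard of 0 is an exact host match."""
    care = ~int(wildcard) & 0xFFFFFFFF
    return int(addr) & care == int(base) & care


def verdict(vlan, dst, when):
    """Return 'deny' or 'permit' for a packet entering the device.

    Assumption: a packet that matches no active rule is forwarded.
    """
    if vlan != FILTERED_VLAN:
        return "permit"  # the ACL is applied to VLAN 10 only
    for action, base, wildcard, rng in ACL_3000:
        if time_range_active(rng, when) and wildcard_match(IPv4Address(dst), base, wildcard):
            return action
    return "permit"


# Constructed sample packets: (VLAN, destination IP, arrival time)
SAMPLES = [
    (10, "192.168.1.2", datetime(2024, 3, 4, 9, 30)),  # Monday, inside the range
    (10, "192.168.1.2", datetime(2024, 3, 4, 19, 0)),  # Monday, after hours
    (10, "192.168.1.2", datetime(2024, 3, 9, 9, 30)),  # Saturday
    (10, "192.168.1.3", datetime(2024, 3, 4, 9, 30)),  # neighbouring host
    (20, "192.168.1.2", datetime(2024, 3, 4, 9, 30)),  # traffic in another VLAN
]

if __name__ == "__main__":
    for vlan, dst, when in SAMPLES:
        print(vlan, dst, when.strftime("%a %H:%M"), verdict(vlan, dst, when))
```

Only the first sample is denied. If the database server must be protected outside working hours or from other VLANs, that needs additional rules or bindings beyond this example.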
