Examples for Applying ACLs to Hardware, Basic ACL Configuration Example, Advanced ACL Configuration Example – H3C Technologies H3C WX3000 Series Unified Switches User Manual

Examples for Applying ACLs to Hardware

Basic ACL Configuration Example

Network requirements

As shown in Figure 36-3, PC1 and PC2 connect to Switch through GigabitEthernet 1/0/1. PC1's IP address is 10.1.1.1. Apply an ACL on GigabitEthernet 1/0/1 to deny packets with the source IP address of 10.1.1.1 from 8:00 to 18:00 every day.

Figure 36-3 Network diagram for basic ACL configuration

[Figure: PC1 (10.1.1.1) and PC2 connect to Switch on GEth1/0/1; Switch connects to the router.]
Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 every day.

<device> system-view

[device] time-range test 8:00 to 18:00 daily

# Define ACL 2000 to filter packets with the source IP address of 10.1.1.1.

[device] acl number 2000

[device-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test

[device-acl-basic-2000] quit

# Apply ACL 2000 on GigabitEthernet 1/0/1.

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000
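
The following Python model is an added example, not part of the H3C manual: it parses the time-range and rule lines from the procedure above and evaluates sample packets, so the expected effect of ACL 2000 can be checked before it is applied. It also handles a general wildcard mask, which goes beyond the single-host case in the text. Assumptions: packets that match no rule are permitted, the end time 18:00 is exclusive, rules are checked in rule-ID order, and PC2's address 10.1.1.2 is constructed because the manual does not give one.

```python
import ipaddress
import re
from datetime import time

def parse_time_range(line):
    """Parse 'time-range NAME H:MM to H:MM daily' into (name, (start, end))."""
    m = re.fullmatch(r"time-range (\S+) (\d{1,2}):(\d{2}) to (\d{1,2}):(\d{2}) daily",
                     line.strip())
    if not m:
        raise ValueError(f"unsupported time-range line: {line!r}")
    name, h1, m1, h2, m2 = m.groups()
    return name, (time(int(h1), int(m1)), time(int(h2), int(m2)))

def parse_basic_rule(line):
    """Parse 'rule ID permit|deny source ADDR WILDCARD [time-range NAME]'."""
    m = re.fullmatch(r"rule (\d+) (permit|deny) source (\S+) (\S+)(?: time-range (\S+))?",
                     line.strip())
    if not m:
        raise ValueError(f"unsupported rule line: {line!r}")
    rid, action, addr, wild, tr = m.groups()
    wild = "0.0.0.0" if wild == "0" else wild  # '0' is shorthand for a host match
    return {"id": int(rid), "action": action, "time_range": tr,
            "addr": int(ipaddress.IPv4Address(addr)),
            "wild": int(ipaddress.IPv4Address(wild))}

def evaluate(rules, ranges, src, now, default="permit"):
    """Return 'permit' or 'deny' for a packet from src arriving at time now."""
    ip = int(ipaddress.IPv4Address(src))
    for r in sorted(rules, key=lambda r: r["id"]):      # assumed match order
        if r["time_range"] is not None:
            start, end = ranges[r["time_range"]]
            if not (start <= now < end):                # assumed: end exclusive
                continue                                # rule inactive right now
        # Wildcard bits set to 1 are ignored; all other bits must be equal.
        if ((ip ^ r["addr"]) & ~r["wild"] & 0xFFFFFFFF) == 0:
            return r["action"]
    return default                                      # assumed: no match = permit

# The two definition lines from the procedure above.
RANGES = dict([parse_time_range("time-range test 8:00 to 18:00 daily")])
RULES = [parse_basic_rule("rule 1 deny source 10.1.1.1 0 time-range test")]

if __name__ == "__main__":
    for src, now in [("10.1.1.1", time(9, 0)), ("10.1.1.1", time(18, 30)),
                     ("10.1.1.2", time(9, 0))]:         # 10.1.1.2: constructed PC2
        print(src, now.strftime("%H:%M"), evaluate(RULES, RANGES, src, now))
```
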

Advanced ACL Configuration Example

Network requirements

As shown in Figure 36-4, different departments of an enterprise are interconnected through Switch. The IP address of the wage query server is 192.168.1.2. The R&D department is connected to GigabitEthernet 1/0/1 of Switch. Apply an ACL to deny requests that come from the R&D department and are destined for the wage server during working hours (8:00 to 18:00).
