Ipv4 packet filtering configuration example, Network requirements – H3C Technologies H3C S12500 Series Switches User Manual


[Switch-acl6-basic-2000] rule permit source 4050::9000/120

[Switch-acl6-basic-2000] quit

# Create ACL 2001, and define an ACL rule for it.

[Switch] acl ipv6 number 2001

[Switch-acl6-basic-2001] rule permit source any

[Switch-acl6-basic-2001] quit

# Define a class and a traffic behavior to permit packets with source addresses in the range 4050::9000
to 4050::90FF.

[Switch] traffic classifier c_permit

[Switch-classifier-c_permit] if-match acl ipv6 2000

[Switch-classifier-c_permit] quit

[Switch] traffic behavior b_permit

[Switch-behavior-b_permit] filter permit

[Switch-behavior-b_permit] quit

# Define a class and a traffic behavior to deny other packets.

[Switch] traffic classifier c_deny

[Switch-classifier-c_deny] if-match acl ipv6 2001

[Switch-classifier-c_deny] quit

[Switch] traffic behavior b_deny

[Switch-behavior-b_deny] filter deny

[Switch-behavior-b_deny] quit

# Configure a QoS policy.

[Switch] qos policy test

[Switch-qospolicy-test] classifier c_permit behavior b_permit

[Switch-qospolicy-test] classifier c_deny behavior b_deny

[Switch-qospolicy-test] quit

# Apply the QoS policy to port GigabitEthernet 4/0/1 in the inbound direction.

[Switch] interface gigabitethernet 4/0/1

[Switch-GigabitEthernet4/0/1] qos apply policy test inbound

[Switch-GigabitEthernet4/0/1] quit
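
The effect of policy test depends on c_permit being evaluated before c_deny, because ACL 2001 matches any source. The following Python model is an added example, not part of the H3C manual. It assumes class-behavior pairs are matched in configured order with the first match winning, and that traffic matching no class is forwarded. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Policy "test" from the configuration above, in configured order.
# ACL 2000 (4050::9000/120) backs c_permit; ACL 2001 (source any) backs c_deny.
POLICY_TEST = [
    ("c_permit", ipaddress.ip_network("4050::9000/120"), "permit"),
    ("c_deny", ipaddress.ip_network("::/0"), "deny"),
]

def evaluate(policy, src):
    """Return (classifier, action) for the first class whose ACL matches src.
    Assumption: first match wins; unmatched traffic is forwarded."""
    addr = ipaddress.ip_address(src)
    for name, net, action in policy:
        if addr in net:
            return name, action
    return None, "permit"

def shadowed(policy):
    """Names of classes that can never match because an earlier class
    already covers their entire source prefix."""
    hidden = []
    for i, (name, net, _) in enumerate(policy):
        if any(net.subnet_of(prev) for _, prev, _ in policy[:i]):
            hidden.append(name)
    return hidden

def acl_range(net):
    """First and last source address covered by an ACL prefix."""
    return str(net[0]), str(net[-1])

if __name__ == "__main__":
    # Constructed sample sources: two inside the /120, one just outside it.
    for src in ("4050::9000", "4050::90ff", "4050::9100"):
        print(src, evaluate(POLICY_TEST, src))
    print("ACL 2000 covers", acl_range(POLICY_TEST[0][1]))
    # Reversing the pair order makes c_deny match everything first.
    wrong_order = list(reversed(POLICY_TEST))
    print("shadowed when reversed:", shadowed(wrong_order))
```

If the two classifier lines in the QoS policy were entered in the opposite order, the model reports c_permit as shadowed and every inbound IPv6 packet on the port would be denied.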

IPv4 packet filtering configuration example

Network requirements

As shown in Figure 2, Host A and Host B connect to the switch to access the Internet.

Configure packet filtering on the VLAN interface of the switch so that every day from 8:00 to 18:00, the VLAN interface denies only IPv4 packets sourced from Host A. Configure the switch to output IPv4 packet filtering logs to the console at 10-minute intervals.

As actual requirements change, edit the ACL so that the VLAN interface denies only IPv4 packets sourced from Host B.
