Network diagram, Configuration procedure, Advanced acl configuration example – H3C Technologies H3C S3600 Series Switches User Manual

1-18

Network diagram

Figure 1-3 Network diagram for basic ACL configuration

Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 everyday.

system-view

[Sysname] time-range test 8:00 to 18:00 daily

# Define ACL 2000 to filter packets with the source IP address of 10.1.1.1.

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test

[Sysname-acl-basic-2000] quit

# Apply ACL 2000 on Ethernet 1/0/1.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] packet-filter inbound ip-group 2000

Advanced ACL Configuration Example

Network requirements

Different departments of an enterprise are interconnected through a switch. The IP address

of the wage query server is 192.168.1.2. The R&D department is connected to Ethernet

1/0/1 of the switch. Apply an ACL to deny requests from the R&D department and destined

for the wage server during the working hours (8:00 to 18:00).