
Network diagram, Configuration procedure, User-defined ACL configuration example – H3C Technologies H3C S3600 Series Switches User Manual

Page 725: Network requirements


Network diagram

Figure 1-5 Network diagram for Layer 2 ACL

[Figure labels: Switch, Eth1/0/1, PC 1, 0011-0011-0011, PC 2, To the router]

Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 every day.

<Sysname> system-view

[Sysname] time-range test 8:00 to 18:00 daily

# Define ACL 4000 to filter packets with the source MAC address of 0011-0011-0011 and the destination MAC address of 0011-0011-0012.

[Sysname] acl number 4000

[Sysname-acl-ethernetframe-4000] rule 1 deny source 0011-0011-0011 ffff-ffff-ffff dest 0011-0011-0012 ffff-ffff-ffff time-range test

[Sysname-acl-ethernetframe-4000] quit

# Apply ACL 4000 on Ethernet 1/0/1.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] packet-filter inbound link-group 4000

User-defined ACL Configuration Example

Network requirements

As shown in Figure 1-6, PC 1 and PC 2 are connected to the switch through Ethernet 1/0/1 and Ethernet 1/0/2 respectively. They belong to VLAN 1 and access the Internet through the same gateway, which has an IP address of 192.168.0.1 (the IP address of VLAN-interface 1).

Configure a user-defined ACL to deny all ARP packets from PC 1 that use the gateway IP address as the source address from 8:00 to 18:00 every day.
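
The match condition in this requirement, modelled in Python as an added example (it is not from the H3C manual and is not switch configuration). It parses an Ethernet frame as seen inbound on PC 1's port and decides whether the frame is an ARP packet whose sender IP is the gateway address inside the time range. The function names, the handling of at most one 802.1Q tag, and treating 18:00 as exclusive are assumptions.

```python
import struct
from datetime import time

GATEWAY_IP = "192.168.0.1"                        # gateway address from the text
RANGE_START, RANGE_END = time(8, 0), time(18, 0)  # "8:00 to 18:00", daily
ETH_ARP, ETH_DOT1Q = 0x0806, 0x8100


def arp_sender_ip(frame: bytes):
    """Return the ARP sender IP (dotted quad), or None if not Ethernet/IPv4 ARP."""
    offset = 12                                   # EtherType follows dst + src MAC
    if len(frame) < offset + 2:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == ETH_DOT1Q:                    # skip a single 802.1Q tag
        offset += 4
        if len(frame) < offset + 2:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    arp = frame[offset + 2:]
    if ethertype != ETH_ARP or len(arp) < 28:
        return None
    htype, ptype, hlen, plen = struct.unpack_from("!HHBB", arp, 0)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ".".join(str(b) for b in arp[14:18])   # sender protocol address field


def should_deny(frame: bytes, now: time) -> bool:
    """Deny ARP that claims the gateway IP as sender while the range is active."""
    # Assumption: the end of the range is treated as exclusive.
    in_range = RANGE_START <= now < RANGE_END
    return in_range and arp_sender_ip(frame) == GATEWAY_IP


def build_arp(sender_mac: str, sender_ip: str, tagged: bool = False) -> bytes:
    """Constructed sample frame: broadcast ARP reply with the given sender fields."""
    mac = bytes.fromhex(sender_mac.replace("-", ""))
    ip = bytes(int(part) for part in sender_ip.split("."))
    tag = struct.pack("!HH", ETH_DOT1Q, 1) if tagged else b""   # VLAN 1
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + mac + ip + b"\xff" * 6 + bytes(4)
    return b"\xff" * 6 + mac + tag + struct.pack("!H", ETH_ARP) + arp
```

In an untagged frame the sender IP sits at byte offset 28 from the start of the frame; a single 802.1Q tag shifts it to 32, which is why the parser locates the EtherType before reading the field.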
