Network diagram, Configuration procedure, Ipv6 acl configuration example – H3C Technologies H3C S3600 Series Switches User Manual

1-21

Network diagram

Figure 1-6 Network diagram for user-defined ACL

Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 everyday.

system-view

[Sysname] time-range test 8:00 to 18:00 daily

# Define ACL 5000 to deny any ARP packet whose source IP address is 192.168.0.1 from

8:00 to 18:00 everyday (provided that VLAN-VPN is not enabled on any port). In the ACL

rule, 0806 is the ARP protocol number, ffff is the mask of the rule, 16 is the protocol type

field offset of the internally processed Ethernet frame, c0a80001 is the hexadecimal form

of 192.168.0.1, and 32 is the source IP address field offset of the internally processed ARP

packet.

[Sysname] acl number 5000

[Sysname-acl-user-5000] rule 1 deny 0806 ffff 16 c0a80001 ffffffff 32 time-rang e

test

# Apply ACL 5000 on Ethernet 1/0/1.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] packet-filter inbound user-group 5000

IPv6 ACL Configuration Example

Network requirements

PC 1 and PC 2 connect to the switch through Ethernet 1/0/1. The IP address of PC 1 is

3001::1/64. Configure an ACL to filter packets that PC 1 sends to 3002::1/64 from 8:00 to

18:00 everyday.