Network diagram, Configuration procedure, Example for applying an acl to a vlan – H3C Technologies H3C S3600 Series Switches User Manual

1-22

Network diagram

Figure 1-7 Network diagram for IPv6 ACL configuration

Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 everyday.

system-view

[Sysname] time-range test 8:00 to 18:00 daily

# Create an IPv6 ACL and configure a rule for the ACL, denying packets from 3001::1/64 to

3002::1/64.

[Sysname] acl number 5000

[Sysname-acl-user-5000] rule deny src-ip 3001::1 64 dest-ip 3002::1 64 time-range

test

[Sysname-acl-user-5000] quit

# Apply the ACL to port Ethernet 1/0/1.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] packet-filter inbound user-group 5000

Example for Applying an ACL to a VLAN

Network requirements

PC 1, PC 2 and PC 3 belong to VLAN 10 and connect to the switch through Ethernet 1/0/1,

Ethernet 1/0/2 and Ethernet 1/0/3 respectively. The IP address of the database server is

192.168.1.2. Apply an ACL to deny packets from PCs in VLAN 10 to the database server

from 8:00 to 18:00 in working days.