GigabitEthernet 1/0/1 of Switch. Apply an ACL that denies requests sent from the R&D department to the wage server during working hours (8:00 to 18:00).

Figure 1-4 Network diagram for advanced ACL configuration (labels: To the router; Wage query server, 192.168.1.2; Switch, with ports GEth1/0/1 and GEth1/0/2; the R&D Department)

Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 on working days.

<device> system-view

[device] time-range test 8:00 to 18:00 working-day

# Define ACL 3000 to filter packets destined for the wage query server.

[device] acl number 3000

[device-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test

[device-acl-adv-3000] quit

# Apply ACL 3000 on GigabitEthernet 1/0/1.

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] packet-filter inbound ip-group 3000
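The following Python model is an added example, not part of the manual. It reproduces how rule 1 of ACL 3000 is evaluated so that the policy can be checked before deployment: the wildcard 0 matches only the host 192.168.1.2, and the rule is skipped whenever the time range test is inactive. Assumptions: working-day means Monday to Friday, the 18:00 end time is exclusive, and packets that match no rule are forwarded.

```python
from datetime import datetime, time
from ipaddress import IPv4Address

# Values taken from the configuration above.
TIME_RANGE = {"start": time(8, 0), "end": time(18, 0),
              "days": range(0, 5)}  # assumption: working-day = Monday..Friday
RULES = [  # (rule id, action, destination, wildcard mask, bound to time range)
    (1, "deny", IPv4Address("192.168.1.2"), IPv4Address("0.0.0.0"), True),
]

def time_range_active(when: datetime) -> bool:
    """True while time range 'test' is active.
    Assumption: the end time is exclusive (active up to 17:59:59)."""
    return (when.weekday() in TIME_RANGE["days"]
            and TIME_RANGE["start"] <= when.time() < TIME_RANGE["end"])

def wildcard_match(addr: IPv4Address, base: IPv4Address,
                   wildcard: IPv4Address) -> bool:
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~int(wildcard) & 0xFFFFFFFF
    return int(addr) & care == int(base) & care

def evaluate(dst: str, when: datetime) -> str:
    """Action for an IP packet arriving inbound on GigabitEthernet 1/0/1."""
    for _rule_id, action, base, wildcard, timed in RULES:
        if timed and not time_range_active(when):
            continue  # a rule bound to an inactive time range is not applied
        if wildcard_match(IPv4Address(dst), base, wildcard):
            return action
    return "permit"  # assumption: unmatched packets are forwarded

if __name__ == "__main__":
    # Constructed sample packets: (destination address, arrival time).
    samples = [
        ("192.168.1.2", datetime(2024, 3, 6, 9, 30)),   # Wednesday, working hours
        ("192.168.1.2", datetime(2024, 3, 6, 19, 0)),   # Wednesday, after hours
        ("192.168.1.2", datetime(2024, 3, 9, 9, 30)),   # Saturday
        ("192.168.1.3", datetime(2024, 3, 6, 9, 30)),   # different host
    ]
    for dst, when in samples:
        print(f"{when:%a %H:%M} -> {dst}: {evaluate(dst, when)}")
```

Only the first sample is denied. The wage server stays reachable from GigabitEthernet 1/0/1 in the evening and at weekends, which is worth confirming against the intended policy.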

Layer 2 ACL Configuration Example

Network requirements

As shown in Figure 1-5, PC1 and PC2 connect to Switch through GigabitEthernet 1/0/1. PC1’s MAC address is 000f-e20f-0101. Apply an ACL to filter packets with the source MAC address 000f-e20f-0101 and the destination MAC address 000f-e20f-0303 from 8:00 to 18:00 every day.

Figure 1-5 Network diagram for Layer 2 ACL (labels: PC1, 000f-e20f-0101; PC2; GEth1/0/1; Switch; To the router)

Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 every day.

3Com WX3000 operation manual Layer 2 ACL Configuration Example, # Apply ACL 3000 on GigabitEthernet 1/0/1