<device> system-view

[device] time-range test 8:00 to 18:00 daily

# Define ACL 4000 to filter packets with the source MAC address of 000f-e20f-0101 and the destination MAC address of 000f-e20f-0303.

[device] acl number 4000

[device-acl-ethernetframe-4000] rule 1 deny source 000f-e20f-0101 ffff-ffff-ffff dest 000f-e20f-0303 ffff-ffff-ffff time-range test

[device-acl-ethernetframe-4000] quit

# Apply ACL 4000 on GigabitEthernet 1/0/1.

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] packet-filter inbound link-group 4000

Example for Applying an ACL to a VLAN

Network requirements

As shown in Figure 1-6, PC1, PC2 and PC3 belong to VLAN 10 and connect to the device through GigabitEthernet 1/0/1, GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 respectively. The IP address of the database server is 192.168.1.2. Apply an ACL to deny packets from the PCs in VLAN 10 to the database server from 8:00 to 18:00 on working days.

Figure 1-6 Network diagram for applying an ACL to a VLAN

[Network diagram: Database Server (192.168.1.2); device ports GEth1/0/1, GEth1/0/2 and GEth1/0/3; VLAN 10 containing PC1, PC2 and PC3]

Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 on working days.

<device> system-view

[device] time-range test 8:00 to 18:00 working-day

# Define an ACL to deny packets destined for the database server.

[device] acl number 3000

[device-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test

[device-acl-adv-3000] quit
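The following Python sketch is an added illustration, not part of the 3Com manual: it models how rule 1 of ACL 3000 decides on a packet, combining the wildcard mask 0 (exact host match) with the working-day time range. The function names are hypothetical, and it assumes that packets matching no rule are forwarded and that the range end is exclusive.

```python
from datetime import datetime, time
from ipaddress import IPv4Address

# Values taken from the configuration above.
RANGE_START, RANGE_END = time(8, 0), time(18, 0)     # time-range test 8:00 to 18:00 working-day
RULE_DEST, RULE_WILDCARD = "192.168.1.2", "0.0.0.0"  # destination 192.168.1.2 0


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base address."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)


def time_range_active(when: datetime) -> bool:
    """working-day = Monday to Friday. Assumption: start inclusive, end exclusive."""
    return when.weekday() < 5 and RANGE_START <= when.time() < RANGE_END


def evaluate(dst_ip: str, when: datetime) -> str:
    """Return 'deny' if rule 1 matches while its time range is active, else 'permit'.

    Assumption: packets that match no rule are forwarded.
    """
    if time_range_active(when) and wildcard_match(dst_ip, RULE_DEST, RULE_WILDCARD):
        return "deny"
    return "permit"


# Constructed sample packets: (destination IP, arrival time).
SAMPLES = [
    ("192.168.1.2", datetime(2024, 3, 6, 10, 30)),  # Wednesday, inside the window
    ("192.168.1.2", datetime(2024, 3, 6, 19, 0)),   # Wednesday, after 18:00
    ("192.168.1.2", datetime(2024, 3, 9, 10, 30)),  # Saturday
    ("192.168.1.3", datetime(2024, 3, 6, 10, 30)),  # neighbouring host, not matched
]

if __name__ == "__main__":
    for dst, when in SAMPLES:
        print(f"{when:%a %H:%M} -> {dst}: {evaluate(dst, when)}")
```

Only the first sample is denied: outside the time range the rule is inactive, so the database server is reachable from VLAN 10 in the evenings and at weekends unless another rule covers those hours.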

3Com WX3000 operation manual