[DeviceA-acl-basic-2009] quit
# Apply ACL 2009 to the inbound direction of interface GigabitEthernet 1/0/1.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] packet-filter 2009 inbound
# Configure the device to collect and output IPv4 packet filtering logs at an interval of 10 minutes.
[DeviceA] acl logging frequence 10
# Configure the device to output informational log messages to the console.
[DeviceA] info-center source default channel 0 log level informational
Applying an ACL to a VLAN Interface
Network requirements
As shown in Figure 4-2, configure packet filtering on Vlan-interface 100 on Device A to deny packets from Host A to Server from 14:00 to 18:00 during working days without affecting communication between Host A and Host B.
Figure 4-2 Network diagram for applying an ACL to a VLAN interface
[Figure: Vlan-int100 192.168.1.1; Host A 192.168.1.2; Host B 192.168.1.3; Server 192.168.5.100]
Configuration procedure
# Create a time range named study, setting it to become active from 14:00 to 18:00 on working days.
<DeviceA> system-view
[DeviceA] time-range study 14:00 to 18:00 working-day
# Create basic IPv4 ACL 2010.
[DeviceA] acl number 2010
# Create a basic IPv4 ACL rule to deny packets sourced from 192.168.1.2/32 during time range study.
[DeviceA-acl-basic-2010] rule deny source 192.168.1.2 0 time-range study
[DeviceA-acl-basic-2010] quit
# Apply ACL 2010 to the inbound direction of Vlan-interface 100.
[DeviceA] interface vlan-interface 100
[DeviceA-Vlan-interface100] packet-filter 2010 inbound
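The following Python model is an added example, not part of the original guide or the device software. It evaluates the ACL 2010 rule and the study time range against a source address and a timestamp. Because a basic ACL matches on source address only, no destination is involved in the decision. The function names, the permit default for unmatched packets, and the treatment of 18:00 as the first inactive minute are assumptions of this sketch.

```python
from datetime import datetime
from ipaddress import IPv4Address

# Constructed model of the configuration above (ACL 2010 + time range "study").
WORKING_DAYS = {0, 1, 2, 3, 4}  # Monday..Friday in datetime.weekday() numbering


def in_study_range(ts, start=(14, 0), end=(18, 0), days=WORKING_DAYS):
    """True while the periodic time range is active.
    Assumption: the start minute is inclusive, the end minute exclusive."""
    return ts.weekday() in days and start <= (ts.hour, ts.minute) < end


def wildcard_match(addr, base, wildcard):
    """ACL wildcard comparison: bits set in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)


# rule deny source 192.168.1.2 0 time-range study
# (wildcard "0" on the command line is written out here as 0.0.0.0)
RULES = [
    {"action": "deny", "source": "192.168.1.2", "wildcard": "0.0.0.0",
     "time_range": in_study_range},
]


def packet_filter(src, ts, rules=RULES, default="permit"):
    """Return the action for a packet from src arriving at time ts.
    Rules are tried in order; a rule whose time range is inactive is skipped.
    Assumption: packets that match no rule get the default action (permit)."""
    for rule in rules:
        active = rule["time_range"] is None or rule["time_range"](ts)
        if active and wildcard_match(src, rule["source"], rule["wildcard"]):
            return rule["action"]
    return default


if __name__ == "__main__":
    # Constructed sample packets: (source, arrival time)
    for src, ts in [("192.168.1.2", datetime(2024, 1, 3, 15, 0)),   # Wednesday
                    ("192.168.1.2", datetime(2024, 1, 6, 15, 0)),   # Saturday
                    ("192.168.1.3", datetime(2024, 1, 3, 15, 0))]:  # Host B
        print(src, ts.strftime("%a %H:%M"), packet_filter(src, ts))
```

The deny takes effect only while the clock on Device A falls inside the time range, so the accuracy of the device clock determines when Host A is actually blocked.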