3com WX3000 Manuel D’Utilisation

 

1-15 

<device> system-view 

[device] time-range test 8:00 to 18:00 daily 

# Define ACL 4000 to filter packets with the source MAC address of 000f-e20f-0101 and the destination 

MAC address of 000f-e20f-0303. 

[device] acl number 4000 

[device-acl-ethernetframe-4000] rule 1 deny source 000f-e20f-0101 ffff-ffff-ffff dest 

000f-e20f-0303 ffff-ffff-ffff time-range test 

[device-acl-ethernetframe-4000] quit 

# Apply ACL 4000 on GigabitEthernet 1/0/1. 

[device] interface GigabitEthernet1/0/1 

[device-GigabitEthernet1/0/1] packet-filter inbound link-group 4000 

As shown in 

, PC1, PC2 and PC3 belong to VLAN 10 and connect to the device through 

GigabitEthernet 1/0/1, GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 respectively. The IP address of 

the database server is 192.168.1.2. Apply an ACL to deny packets from PCs in VLAN 10 to the 

database server from 8:00 to 18:00 in working days. 

Network diagram for applying an ACL to a VLAN 

GEth1/0/1

PC1

PC 3

Database Server

PC 2

VLAN 10

GEth 1/0/2

GEth 1/0/3

192.168.1.2

 

 

# Define a periodic time range that is active from 8:00 to 18:00 in working days. 

<device> system-view 

[device] time-range test 8:00 to 18:00 working-day 

# Define an ACL to deny packets destined for the database server. 

[device] acl number 3000 

[device-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test 

[device-acl-adv-3000] quit