No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S1720, S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Common Operation Guide

This document describes the CLI-based configurations of universal protocols and common features for Huawei switches on basic networks.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Using a Traffic Policy to Filter Packets

Using a Traffic Policy to Filter Packets

Preventing a Specified Device from Accessing a Network

Prevent the PC at 192.168.1.10 from accessing the network.

<HUAWEI> system-view 
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule deny source 192.168.1.10 0.0.0.0
[HUAWEI-acl-basic-2000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 2000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] deny
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound

Preventing All Devices on a Network Segment from Accessing a Network

Prevent all devices on the network segment of 192.168.1.0 from accessing a network.

<HUAWEI> system-view 
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule deny source 192.168.1.0 0.0.0.255
[HUAWEI-acl-basic-2000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 2000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] deny
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound

Filtering Packets of Specified Protocols

  • Prevent SMTP packets with TCP destination port 25.
  • Prevent POP3 packets with TCP destination port 110.
  • Prevent HTTP packets with TCP destination port 80.
<HUAWEI> system-view 
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 25
[HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 110
[HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 80
[HUAWEI-acl-adv-3000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 3000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] deny
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound
Translation
Download
Updated: 2018-09-03

Document ID: EDOC1000057410

Views: 85086

Downloads: 12115

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next