No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Common Operation Guide

CloudEngine 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Using a Traffic Policy to Filter Packets

Using a Traffic Policy to Filter Packets

Configuring the Switch to Prevent a Specified Device from Accessing a Network

Configure the switch to prevent the PC at 192.168.1.10 from accessing the network.

<HUAWEI> system-view 
[~HUAWEI] acl 2000
[*HUAWEI-acl4-basic-2000] rule deny source 192.168.1.10 0.0.0.0
[*HUAWEI-acl4-basic-2000] quit
[*HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match acl 2000
[*HUAWEI-classifier-c1] quit
[*HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] deny
[*HUAWEI-behavior-b1] quit
[*HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] quit
[*HUAWEI] interface 10ge 1/0/1
[*HUAWEI-10GE1/0/1] traffic-policy p1 inbound
[*HUAWEI-10GE1/0/1] quit
[*HUAWEI] commit

Configuring the Switch to Prevent All Devices on a Network Segment from Accessing a Network

Configure the switch to prevent all devices on the network segment of 192.168.1.0 from accessing a network.

<HUAWEI> system-view 
[~HUAWEI] acl 2000
[*HUAWEI-acl4-basic-2000] rule deny source 192.168.1.0 0.0.0.255
[*HUAWEI-acl4-basic-2000] quit
[*HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match acl 2000
[*HUAWEI-classifier-c1] quit
[*HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] deny
[*HUAWEI-behavior-b1] quit
[*HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] quit
[*HUAWEI] interface 10ge 1/0/1
[*HUAWEI-10GE1/0/1] traffic-policy p1 inbound
[*HUAWEI-10GE1/0/1] quit
[*HUAWEI] commit

Configuring the Switch to Filter Packets of Specified Protocols

  • Configure the switch to prevent SMTP packets with TCP destination port 25.
  • Configure the switch to prevent POP3 packets with TCP destination port 110.
  • Configure the switch to prevent HTTP packets with TCP destination port 80.
<HUAWEI> system-view 
[~HUAWEI] acl 3000
[*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 25
[*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 110
[*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 80
[*HUAWEI-acl4-advance-3000] quit
[*HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match acl 3000
[*HUAWEI-classifier-c1] quit
[*HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] deny
[*HUAWEI-behavior-b1] quit
[*HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] quit
[*HUAWEI] interface 10ge 1/0/1
[*HUAWEI-10GE1/0/1] traffic-policy p1 inbound
[*HUAWEI-10GE1/0/1] quit
[*HUAWEI] commit
Translation
Download
Updated: 2018-10-08

Document ID: EDOC1000102369

Views: 144091

Downloads: 3160

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next