Example for Configuring ACL-based Packet Filtering
Networking Requirements
In Figure 11-1, the Switch functions as a gateway and connects to tenant servers. An ACL needs to be configured to reject packets with a source MAC address of 00e0-f201-0101 and a destination MAC address of 0260-e207-0002.
Configuration Roadmap
The configuration roadmap is as follows:
- Configure a Layer 2 ACL and an ACL rule.
- Configure ACL-based packet filtering in the inbound direction of an interface.
Procedure
- Configure a Layer 2 ACL and an ACL rule to reject packets with a source MAC address of 00e0-f201-0101 and a destination MAC address of 0260-e207-0002.
<HUAWEI> system-view
[~HUAWEI] sysname Switch
[*HUAWEI] commit
[~Switch] acl 4000
[*Switch-acl-L2-4000] rule deny source-mac 00e0-f201-0101 ffff-ffff-ffff destination-mac 0260-e207-0002 ffff-ffff-ffff
[*Switch-acl-L2-4000] quit
- Configure ACL-based packet filtering in the inbound direction of 10GE1/0/2.
[*Switch] interface 10ge 1/0/2
[*Switch-10GE1/0/2] traffic-filter acl 4000 inbound
[*Switch-10GE1/0/2] quit
[*Switch] commit
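To check which frames the rule in ACL 4000 will drop before committing it, the following Python model of its matching logic can be used; it is an added example, not Huawei code or part of the original procedure. The names `parse_mac`, `L2Rule` and `evaluate` are hypothetical, the sample frames are constructed, and the model assumes that frames matching no rule are forwarded.

```python
import re

def parse_mac(text):
    """Parse H-H-H (Huawei) or six-octet ':'/'-' notation into a 48-bit int."""
    groups = re.split(r"[-:]", text.strip().lower())
    width = {3: 4, 6: 2}.get(len(groups))
    if width is None or not all(
            re.fullmatch(r"[0-9a-f]{1,%d}" % width, g) for g in groups):
        raise ValueError(f"not a MAC address: {text!r}")
    return int("".join(g.zfill(width) for g in groups), 16)

class L2Rule:
    """One Layer 2 ACL rule: action plus masked source and destination MACs."""
    def __init__(self, action, src, src_mask, dst, dst_mask):
        self.action = action
        self.src_mask, self.dst_mask = parse_mac(src_mask), parse_mac(dst_mask)
        # Pre-mask the configured addresses so only the cared-about bits compare.
        self.src = parse_mac(src) & self.src_mask
        self.dst = parse_mac(dst) & self.dst_mask

    def matches(self, src, dst):
        # Both conditions must hold; a set mask bit means "this bit must match".
        return ((parse_mac(src) & self.src_mask) == self.src
                and (parse_mac(dst) & self.dst_mask) == self.dst)

def evaluate(rules, src, dst):
    """Return the action of the first matching rule.
    Assumption: frames that match no rule are forwarded ("permit")."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action
    return "permit"

# The single rule configured in the procedure above.
ACL_4000 = [L2Rule("deny", "00e0-f201-0101", "ffff-ffff-ffff",
                   "0260-e207-0002", "ffff-ffff-ffff")]

# Constructed sample frames (source MAC, destination MAC), mixed notations.
FRAMES = [
    ("00:e0:f2:01:01:01", "02:60:e2:07:00:02"),  # both fields match
    ("00e0-f201-0101", "0260-e207-0003"),        # destination differs
    ("00e0-f201-0102", "0260-e207-0002"),        # source differs
]

def verdicts():
    return [evaluate(ACL_4000, s, d) for s, d in FRAMES]

if __name__ == "__main__":
    for (s, d), v in zip(FRAMES, verdicts()):
        print(f"{s} -> {d}: {v}")
```

Because both masks are ffff-ffff-ffff, only the exact source and destination pair is dropped; traffic from the same source to any other destination still passes.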