Preventing a Specified Device from Accessing a Network
Prevent the PC at 192.168.1.10 from accessing the network.
<HUAWEI> system-view [HUAWEI] acl 2000 [HUAWEI-acl-basic-2000] rule deny source 192.168.1.10 0.0.0.0 [HUAWEI-acl-basic-2000] quit [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 2000 [HUAWEI-classifier-c1] quit [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] deny [HUAWEI-behavior-b1] quit [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [HUAWEI-trafficpolicy-p1] quit [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
Preventing All Devices on a Network Segment from Accessing a Network
Prevent all devices on the network segment of 192.168.1.0 from accessing a network.
<HUAWEI> system-view [HUAWEI] acl 2000 [HUAWEI-acl-basic-2000] rule deny source 192.168.1.0 0.0.0.255 [HUAWEI-acl-basic-2000] quit [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 2000 [HUAWEI-classifier-c1] quit [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] deny [HUAWEI-behavior-b1] quit [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [HUAWEI-trafficpolicy-p1] quit [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
Filtering Packets of Specified Protocols
- Prevent SMTP packets with TCP destination port 25.
- Prevent POP3 packets with TCP destination port 110.
- Prevent HTTP packets with TCP destination port 80.
<HUAWEI> system-view [HUAWEI] acl 3000 [HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 25 [HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 110 [HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 80 [HUAWEI-acl-adv-3000] quit [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 3000 [HUAWEI-classifier-c1] quit [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] deny [HUAWEI-behavior-b1] quit [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [HUAWEI-trafficpolicy-p1] quit [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
More Information: S Series Switches Common Operation Guide
