How to configure ACL on an OLT to access or deny private network addresses

  The OLT to the router are Layer 2 transparent transmissions. VLAN 69 only allows 10.111.X.0/24 (each OLT has a Type C private network address). vlan101 does not allow private networks to access the router.

Please configure the following commands in order to set the ACL according with the request:

VLAN69 only allows 10.111.X.0/24 (each OLT has a class C private network address):

(config)# acl 3000<?xml:namespace prefix = "o" />

(config-acl- link-3000)#rule 15 permit 0 destination 10.111.0.0 0.0.0.255

Vlan101 does not allow private network access to the router:

(config-acl-link-3001)#rule 10 deny 0 source 10.111.0.0 0.0.0.255 

(config-acl- link-3001)# rule 15 deny 0 destination 10.111.0.0 0.0.0.255

(config)# acl 4001

(config-acl-link-4000)# rule 5 deny source 101

(config-acl-link-4000)#rule 10 permit source 101

(config)# packet-filter inbound link-group 4001 rule 10 port [F/S/P] // the port for vlan 101 (should be uplink port)

(config)# packet-filter inbound ip-group 3001 rule 10 link-group 4001 rule 5 port [F/S/P] // the port for vlan 101 (should be uplink port)

(config)# packet-filter outbound link-group 4001 rule 10 port [F/S/P] // the port for vlan 101 (should be uplink port)

(config)# packet-filter outbound ip-group 3001 rule 15 link-group 4001 rule 5 port [F/S/P] // the port for vlan 101 (should be uplink port)