Configuration of an Advanced ACL-HUAWEI

********Advanced ACL Configuration********

The service board of the MA5600T resides in slot 1 and belongs to a VLAN, and the IP address of the VLAN L3 interface is 10.10.10.101. To prohibit the ICMP (such as ping) and telnet operations from the user side to the VLAN interface on the device, do as follows:

OLT(config)#acl 3001
OLT(config-acl-basic-3001)#rule 1 deny icmp destination 10.10.10.101 0
OLT(config-acl-basic-3001)#rule 2 deny tcp destination 10.10.10.101 0 destination-port eq telnet 
OLT(config-acl-basic-3001)#quit
OLT(config)#packet-filter inbound ip-group 3001 rule 1 port 0/1/0
OLT(config)#packet-filter inbound ip-group 3001 rule 2 port 0/1/0
OLT(config)#save

                                  *******END*******

Be the first to comment

Leave a Reply

Your email address will not be published.


*


For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.