Operation Manual – ACLH3C S5600 Series Ethernet Switches Chapter 1 ACL Configuration1-161.5.2 Advanced ACL Configuration ExampleI. Network requirementsDifferent departments of an enterprise are interconnected through a switch. The IPaddress of the wage query server is 192.168.1.2. The R&D department is connected toGigabitEthernet 1/0/1 of the switch. Apply an ACL to deny requests from the R&Ddepartment and destined for the wage server during the working hours (8:00 to 18:00).II. Network diagramFigure 1-4 Network diagram for advanced ACL configurationIII. Configuration procedure# Define a periodic time range that is active from 8:00 to 18:00 everyday. system-view[Sysname] time-range test 8:00 to 18:00 working-day# Define ACL 3000 to filter packets destined for wage query server.[Sysname] acl number 3000[Sysname-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-rangetest[Sysname-acl-adv-3000] quit# Apply ACL 3000 on GigabitEthernet 1/0/1.[Sysname] interface GigabitEthernet1/0/1[Sysname-GigabitEthernet1/0/1] packet-filter inbound ip-group 30001.5.3 Layer 2 ACL Configuration ExampleI. Network requirementsPC 1 and PC 2 connect to the switch through GigabitEthernet 1/0/1. PC 1’s MACaddress is 0011-0011-0011. Apply an ACL to filter packets with the source MACaddress of 0011-0011-0011 and the destination MAC address of 0011-0011-0012 from8:00 to 18:00 everyday.