看下交換機型號
[switch-acl-adv-3001] dis version
H3C Comware Platform Software
Comware Software, Version 5.20, Release 2222P10
Copyright (c) 2004-2018 New H3C Technologies Co., Ltd. All rights reserved.
H3C S5120-48P-EI uptime is 9 weeks, 1 day, 5 hours, 19 minutes
H3C S5120-48P-EI with 1 Processor
128M bytes SDRAM
16384K bytes Flash Memory
Hardware Version is REV.B
CPLD Version is 007
Bootrom Version is 205
[SubSlot 0] 48GE+4SFP Hardware Version is REV.B
首先創(chuàng)建ACL規(guī)則
acl number 3001
rule 0 permit tcp source 192.168.1.1 0 destination-port eq 90 //只允許外面的IP192.168.1.1才能訪問交換機上的90端口
rule 1 permit tcp destination 192.168.2.1 0 destination-port eq www //允許交換機上的192.168.2.1被外面訪問80端口
rule 5 deny tcp destination-port eq 90 //阻止外面的設備訪問90端口
rule 6 deny tcp destination-port eq www //阻止外面的設備訪問80端口
rule 7 deny tcp destination-port eq 443 //阻止外面的設備訪問443端口
進入端口
interface GigabitEthernet1/0/48
packet-filter 3001 inbound