步骤1 配置ACL
[Quidway] acl 3000
[Quidway-acl-user-3000] rule deny ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
步骤2 配置基于用户自定义ACL
# 配置流分类tc1,对匹配ACL 3000 的报文进行分类。
[Quidway] traffic classifier tc1
[Quidway-classifier-tc1] if-match acl 3000
步骤3 配置流行为
# 配置流行为tb1,动作为拒绝报文通过。
[Quidway] traffic behavior tb1
[Quidway-behavior-tb1] deny
步骤4 配置流策略
# 定义流策略,将流分类与流行为关联。
[Quidway] traffic policy tp1
[Quidway-trafficpolicy-tp1] classifier tc1 behavior tb1
步骤5 在接口下应用流策略
# 在接口GE1/0/1 下应用流策略。
[Quidway] interface gigabitethernet 1/0/1
[Quidway-GigabitEthernet1/0/1] traffic-policy tp1 inbound
acl number 4000
rule 5 deny source-mac 5489-98a0-50cc
#
traffic classifier liu operator and
if-match acl 4000
#
traffic behavior dongzuo
permit
#
traffic policy yinyong
classifier liu behavior dongzuo
#
interface Ethernet0/0/1
traffic-policy yinyong outbound