Solved

Block a H3C VLAN in S5500

Posted on 2014-04-29
4
707 Views
Last Modified: 2014-05-16
Any idea how to block a IP for a particular IP address on H3C ?

Tks
0
Comment
Question by:AXISHK
  • 2
  • 2
4 Comments
 
LVL 2

Expert Comment

by:Anton Nikitin
ID: 40034579
Hello AXISHK,

I'm not sure I'm reading your question correctly. Are you trying to block traffic from an IP to another specific IP?

Then you'll need to set up an advanced access list.
Let's say you want to block all traffic from host 192.168.1.1 (connected to interface Gi1/0/1) on your network to 8.8.8.8 and allow everything else:

system-view
acl number 10
 rule deny ip source 192.168.1.1 0.0.0.0 destination 8.8.8.8 0.0.0.0

traffic classifier BLOCK_HOST_CLASS operator and
 if-match acl 10

traffic behavior BLOCK_HOST_BEHAV
 filter deny

qos policy BLOCK_HOST
 classifier BLOCK_HOST_CLASS behavior BLOCK_HOST_BEHAV

interface GigabitEthernet1/0/1
 qos apply policy BLOCK_HOST inbound


So these are the steps:
1. Create ACL describing the interesting traffic.
2. Define classifier that uses the ACL.
3. Define behavior to deny.
4. Create a policy to use the classifier (ACL) and act (behavior = deny).
5. Apply the policy to the interface.

You can find more information about access lists on "Configuring an Advanced IPv4 ACL" section in H3C's documentation.

Let me know if you need further assistance,
Anton.
0
 

Author Comment

by:AXISHK
ID: 40036508
Some typo mistake, I want to block a IP in a particular VLAN.

Is there any example on configuring it through the GUI ?

Tks
0
 
LVL 2

Accepted Solution

by:
Anton Nikitin earned 500 total points
ID: 40037073
Hello AXISHK,

this configuration would work on an H3C S3600, not sure if applicable for S5500, you may want to give it a try. In the worst case scenario the device just won't accept the commands.

To deny all traffic from 192.168.1.1 that connected to VLAN 10:

acl number 20
 rule 1 deny ip source 192.168.1.1 0
packet-filter vlan 10 inbound ip-group 20


I don't think it's possible to configure via web interface.

Let me know if there is further clarification needed,
Anton.
0
 

Author Closing Comment

by:AXISHK
ID: 40071627
Tks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question