华为交换机ACL的小逻辑

用户提了一个需求。，这逻辑我硬是绕了2小时。分享下

需求如表

解决方法如下，需要留意，直接调用在3层交换局全局模式下，可不是只能调用在接口下，h话外提一句 traffic-filte 也是个简易很好用的工具

acl 3000

desc in

rule 5 deny ip source 172.26.68.0 0.0.0.255 destination 172.0.0.0 0.255.255.255

rule 10 deny ip source 172.26.68.0 0.0.0.255 destination 10.33.0.0 0.0.255.255

rule 15 deny ip source 172.25.0.0 0.0.255.255 destination 172.0.0.0 0.255.255.255

rule 20 deny ip source 172.25.0.0 0.0.255.255 destination 10.33.0.0 0.0.255.255

rule 25 permit ip source 172.26.36.0 0.0.0.255 destination 172.0.0.0 0.255.255.255

rule 30 deny ip source 172.26.36.0 0.0.0.255

rule 35 permit ip

acl 3001

desc out

rule 5 deny ip source 172.0.0.0 0.255.255.255 destination 172.26.68.0 0.0.0.255

rule 10 deny ip source 10.33.0.0 0.0.255.255 destination 172.26.68.0 0.0.0.255

rule 15 deny ip source 172.0.0.0 0.255.255.255 destination 172.25.0.0 0.0.255.255

rule 20 deny ip source 10.33.0.0 0.0.255.255 destination 172.25.0.0 0.0.255.255

rule 25 permit ip source 172.0.0.0 0.255.255.255 destination 172.26.36.0 0.0.0.255

rule 30 deny ip source 172.26.36.0 0.0.0.255

rule 35 permit ip

[Sw12700-Core]traffic-filter intbound acl 3000

[Sw12700-Core]traffic-filter outbound acl 3001