(1) the first step to define the rules (set is expected to hit the entry, i.e., the production "filter")
#
The acl number 3000
Rule 0 permit the TCP source 10.0.28.247 0 destination 10.0.20.20 0 destination port eq - 8081///allow access to the white list
Rule 1 deny TCP destination 10.0.20.43 0 destination port eq - 8081///in addition to the white list, banned all
The acl number 3001
Rule 0 permit the TCP source 10.0.24.152 0 destination 10.0.20.91 0 destination port eq - 1521
Rule 1 deny TCP destination 10.0.20.96 0 destination port eq - 1521
The acl number 3002
Rule 0 permit the TCP source 10.0.24.152 0 destination 10.0.20.37 0 destination port eq - 9090
Rule 1 deny TCP destination 10.0.20.37 0 destination port eq - 9090
#
(2) the second step: flow classification (after the classification of the interface flow, match the rules above entry flow formation flow)
Traffic classifier Access - Whitelist operator or
If - match acl 3000
If - match acl 3001
If - match acl 3002
(3) the third step: popular for
Traffic behaviors Access - behaviors
(blank) permit and deny don't configuration!!!!!! All, as long as a behaviors, permit or deny is determined by the ACL entry, too traps, easy fault point, bear in mind that
(4) the fourth step: strategy (installation into a complete strategy: flow classification associated with popular)
Traffic policy Access - policy
Classifier Access - Whitelist behaviors Access - behaviors
(5) step 5: strategy is applied to the interface (to interface installation strategy this part)
#
Interface GigabitEthernet0/1/2
The port link -type access
The port default vlan 4091
Traffic - the policy Access - the policy the inbound + + + +=only add the line
#