HUAWEI -- ACL

先来看第一个

禁止主机192.168.1.10 ，还是所有的，好么使用标准的ACL就可以了
[R1]acl 2000
[R1-acl-basic-2000]rule 5 deny source ?
  IP_ADDR<X.X.X.X>  Address of source
  any               Any source
R1-acl-basic-2000]rule 5 deny source 192.168.1.10 ?
  IP_ADDR<X.X.X.X>  Wildcard of source  //网段
  0                 Wildcard bits : 0.0.0.0 ( a host )  //0代表主机
[R1-acl-basic-2000]rule 5 deny source 192.168.1.10 0
别忘了这里的per any ，其实client 2 是被per any 放行的。
[R1-acl-basic-2000]inter g0/0/0    //进入到接口，进行挂接
[R1-GigabitEthernet0/0/0]traffic-filter ?
  inbound   Apply ACL to the inbound direction of the interface   //进方向
  outbound  Apply ACL to the outbound direction of the interface  //出方向
[R1-GigabitEthernet0/0/0]traffic-filter in
[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 2000 ?   
  <cr>  Please press ENTER to execute command

[R1-GigabitEthernet0/0/0]traffic-filter inbound acl 2000  //在数据进方向挂接ACL

[R1-GigabitEthernet0/0/0]

 rule 5 deny icmp source 192.168.1.20 0 destination 100.1.1.10 0
 rule 10 deny tcp source 192.168.1.20 0 destination 100.1.1.10 0 destination-port eq www

[R1-GigabitEthernet0/0/0]traffic-filter in acl 3000

[R1-acl-adv-3000]rule 15 deny ip source 192.168.1.10 0 destination any