Configuring an Internal Deny ACL
Configure an ACL named deny-hr that denies traffic from the Engineering server to the HR server:
CLI network-admin@switch > acl-ip-create name deny-hr action deny scope local src-ip 192.168.10.2 src-ip-mask 24 dst-ip 192.168.200.3 dst-ip-netmask 24 proto ip src-port 55 dst-port 33 vlan 1505
To review the configuration, use the acl-ip-show command:
CLI network-admin@switch > acl-ip-show name deny-hr layout vertical
name:                  deny-hr
id:                    b00011:20
action:                deny
proto:                 ip
src-ip:                192.168.10.2/24
src-port:              55
dst-ip:                192.168.200.3/24
dst-port:              33
vlan:                  1505
scope:                 local
port:                  0
 
Now, when you attempt to access the Finance server from the Engineering server, the network drops the packets.
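To check what the rule shown above actually covers, the following added example (not Pluribus code and not from the original page) parses the acl-ip-show vertical output and tests constructed packets against it. The function names are hypothetical, and the matching semantics (prefix match on the addresses, every configured field must match) are an assumption, not documented Netvisor behaviour.

```python
import ipaddress

# Output of acl-ip-show as printed on this page.
SHOW_OUTPUT = """\
name:                  deny-hr
id:                    b00011:20
action:                deny
proto:                 ip
src-ip:                192.168.10.2/24
src-port:              55
dst-ip:                192.168.200.3/24
dst-port:              33
vlan:                  1505
scope:                 local
port:                  0
"""

def parse_vertical(text):
    """Turn the 'key: value' lines of the vertical layout into a dict."""
    rule = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            rule[key.strip()] = value.strip()
    return rule

def scope_warnings(rule):
    """Flag src-ip/dst-ip entries that name one host but carry a wider mask."""
    warnings = []
    for field in ("src-ip", "dst-ip"):
        iface = ipaddress.ip_interface(rule[field])
        if iface.ip != iface.network.network_address:
            warnings.append(f"{field} {rule[field]} spans {iface.network} "
                            f"({iface.network.num_addresses} addresses)")
    return warnings

def matches(rule, src, dst, sport, dport, vlan):
    """Assumed semantics: prefix match on IPs, exact match on ports and VLAN."""
    src_net = ipaddress.ip_interface(rule["src-ip"]).network
    dst_net = ipaddress.ip_interface(rule["dst-ip"]).network
    return (ipaddress.ip_address(src) in src_net
            and ipaddress.ip_address(dst) in dst_net
            and sport == int(rule["src-port"]) and dport == int(rule["dst-port"])
            and vlan == int(rule["vlan"]))

if __name__ == "__main__":
    rule = parse_vertical(SHOW_OUTPUT)
    print("\n".join(scope_warnings(rule)))
    print(matches(rule, "192.168.10.77", "192.168.200.3", 55, 33, 1505))  # constructed packet
```

Under these assumptions the /24 masks make the rule apply to every host in both subnets, while the fixed src-port and dst-port values limit it to that one port pair, so both are worth confirming against the intended policy.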