Configuring an Internal Deny ACL
Let’s configure the ACL for denying traffic from the Engineering server to the HR server and name the ACL, deny-hr:
CLI network-admin@switch > acl-ip-create name deny-hr action deny scope local src-ip src-ip-mask 24 dst-ip dst-ip-netmask 24 proto ip src-port 55 dst-port 33 vlan 1505
To review the configuration, use the acl-ip-show command:
CLI network-admin@switch > acl-ip-show name deny-hr layout vertical
name:                  deny-hr
id:                    b00011:20
action:                deny
proto:                 ip
src-port:              55
dst-port:              33
vlan:                  1505
scope:                 local
port:                  0
Now, when you attempt to access the Finance server from the Engineering server, the network drops the packets.