Configuring Huawei Router ACLs and Traffic Policies to Block Specific IP Ranges and Ports
This guide provides step-by-step CLI commands for Huawei routers to define access control lists (ACLs) and traffic policies that deny traffic from a given IP subnet and block TCP ports 25, 110, and 80, applying the policies inbound on a GigabitEthernet interface.
First, ACL 2000 is created to deny all traffic whose source address matches 192.168.1.0 with wildcard mask 0.0.0.255 (the 192.168.1.0/24 subnet):
acl 2000
 rule deny source 192.168.1.0 0.0.0.255
 quit
A traffic classifier c1 is then bound to this ACL, and a traffic behavior b1 is set to deny. The classifier and behavior are combined into a traffic policy p1 and applied inbound on interface GigabitEthernet0/0/1:
traffic classifier c1
 if-match acl 2000
 quit
traffic behavior b1
 deny
 quit
traffic policy p1
 classifier c1 behavior b1
 quit
interface GigabitEthernet0/0/1
 traffic-policy p1 inbound
To block specific application protocols, a second ACL, acl 3000, is defined with rules that deny TCP traffic destined for ports 25 (SMTP), 110 (POP3), and 80 (HTTP):
acl 3000
 rule deny tcp destination-port eq 25
 rule deny tcp destination-port eq 110
 rule deny tcp destination-port eq 80
 quit
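The same classifier c1, behavior b1, and policy p1 are reused, and the policy is again applied inbound on the same interface, filtering the specified application traffic. Because c1 was defined above to match only ACL 2000, it must also reference ACL 3000 for the port rules to take effect.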
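The filtering logic of the two ACLs can be checked offline before the policy is applied to the router. The Python model below is an added example, not part of the original guide or of Huawei's software; it assumes packets that match no rule fall outside the policy and are forwarded, and the sample packets are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask compare: bits that are 0 in the wildcard must equal the base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Rules copied from the guide, in the order shown. All of them are deny rules.
ACL_2000 = [{"source": ("192.168.1.0", "0.0.0.255")}]
ACL_3000 = [{"proto": "tcp", "dport": p} for p in (25, 110, 80)]

def rule_hits(rule, pkt):
    """True when every field the rule specifies matches the packet."""
    if "source" in rule and not wildcard_match(pkt["src"], *rule["source"]):
        return False
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "dport" in rule and rule["dport"] != pkt.get("dport"):
        return False
    return True

def verdict(pkt, acls=(ACL_2000, ACL_3000)):
    """'drop' if any ACL referenced by the classifier has a matching rule.
    Assumption of this model: unmatched packets are forwarded normally."""
    for acl in acls:
        if any(rule_hits(rule, pkt) for rule in acl):
            return "drop"
    return "forward"

SAMPLES = [  # constructed test packets, not captured traffic
    {"src": "192.168.1.77", "proto": "udp", "dport": 53},   # blocked subnet
    {"src": "10.0.0.5", "proto": "tcp", "dport": 25},       # SMTP
    {"src": "10.0.0.5", "proto": "tcp", "dport": 443},      # not listed
    {"src": "10.0.0.5", "proto": "udp", "dport": 80},       # UDP, not TCP
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        both = verdict(pkt)
        only_2000 = verdict(pkt, acls=(ACL_2000,))  # classifier without ACL 3000
        print(f"{pkt} -> both ACLs: {both}, ACL 2000 only: {only_2000}")
```

The "ACL 2000 only" column shows what happens when the classifier references just ACL 2000: the SMTP packet from 10.0.0.5 is forwarded.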