Configuring Huawei Router ACLs and Traffic Policies to Block Specific IP Ranges and Ports

This document provides step‑by‑step CLI commands for Huawei routers to define access control lists (ACLs) and traffic policies that restrict network access for specific IP subnets and application ports.

First, an ACL named acl 2000 is created to deny all traffic from the 192.168.1.0 0.0.0.255 subnet:

acl 2000

rule deny source 192.168.1.0 0.0.0.255

quit

A traffic classifier c1 is then bound to this ACL, and a traffic behavior b1 is set to deny. The classifier and behavior are combined into a traffic policy p1 and applied inbound on interface GigabitEthernet0/0/1:

traffic classifier c1

if-match acl 2000

quit

traffic behavior b1

deny

quit

traffic policy p1

classifier c1 behavior b1

quit

interface GigabitEthernet0/0/1

traffic-policy p1 inbound

To block specific application protocols, a second ACL acl 3000 is defined with rules that deny TCP traffic destined for ports 25 (SMTP), 110 (POP3), and 80 (HTTP):

acl 3000

rule deny tcp destination-port eq 25

rule deny tcp destination-port eq 110

rule deny tcp destination-port eq 80

quit

The same classifier c1, behavior b1, and policy p1 are reused, and the policy is again applied inbound on the same interface, effectively filtering the specified application traffic.