848 CHAPTER 63: IPV4 ACL CONFIGURATION
Network Diagram Figure 253 Network diagram for IPv4 ACL configuration
Configuration Procedure
1 Create a time range for office hours
# Create a periodic time range spanning 8:00 to 18:00 in working days.
<Switch> system-view
[Switch] time-range trname 8:00 to 18:00 working-day
2 Define an ACL to control access to the salary query server
# Configure a rule to control access of the R&D Department to the salary query
server.
[Switch] acl number 3000
[Switch-acl-adv-3000] rule deny ip source 192.168.2.0 0.0.0.255 dest
ination 192.168.4.1 0.0.0.0 time-range trname
[Switch-acl-adv-3000] quit
# Configure a rule to control access of the Marketing Department to the salary
query server.
[Switch] acl number 3001
[Switch-acl-adv-3001] rule deny ip source 192.168.3.0 0.0.0.255 dest
ination 192.168.4.1 0.0.0.0 time-range trname
[Switch-acl-adv-3001] quit
3 Apply the IPv4 ACL
# Configure class c_rd for packets matching IPv4 ACL 3000.
[Switch] traffic classifier c_rd
[Switch-classifier-c_rd] if-match acl 3000
[Switch-classifier-c_rd] quit
# Configure traffic behavior b_rd to deny matching packets.
GE1/0/4GE1/0/1
GE1/0/2 GE 1/0/3
192.168.4.1
Switch
R&D department
Marketing department
Salary query server
President`s office
192.168.2.0/24
192.168.3.0/24
192.168.1.0/24
To Next Page
Loading...
