4-11
z Permits access from the President’s office at any time to the salary server of the Financial
department.
z Deny access from any other department to the salary server during working hours (from 8:00 to
18:00) on working days.
Figure 4-1 Network diagram for ACL configuration
Configuration Procedure
1) Create a time range for office hours
# Create a periodic time range from 8:00 to 18:00 in working days.
<AP> system-view
[AP] time-range trname 8:00 to 18:00 working-day
2) Define an ACL to control access to the salary server
# Create an advanced IPv4 ACL numbered 3000 and enter its view.
[AP] acl number 3000
# Create a rule to allow access from the President’s office to the salary server.
[AP-acl-adv-3000] rule 1 permit ip source 129.111.1.2 0.0.0.0 destination 129.110.1.2 0.0.0.0
[AP-acl-adv-3000] quit
# Create an advanced IPv4 ACL numbered 3001 and enter its view.
[AP] acl number 3001
# Create a rule to deny access from any other department to the salary server during working hours.
[AP-acl-adv-3001] rule 1 deny ip source any destination 129.110.1.2 0.0.0.0 time-range trname
[AP-acl-adv-3001] quit
3) Apply the ACLs
# Apply IPv4 ACL 3000 and ACL 3001.
[AP] traffic classifier access1
[AP-classifier-access1] if-match acl 3000
[AP-classifier-access1] quit
[AP] traffic behavior access1
[AP-behavior-access1] filter permit
[AP] traffic classifier access2
[AP-classifier-access2] if-match acl 3001
[AP-classifier-access2] quit
[AP] traffic behavior access2
To Next Page
Loading...
