14
ACL configuration example
Network requirements
A company interconnects its departments through the AC. Configure a packet filter to:
• Permit access from the President's office at any time to the financial database server.
• Permit access from the Financial department to the database server only during working hours
(from 8:00 to 18:00) on working days.
• Deny access from any other department to the database server.
Figure 1 Network diagram
Configuration procedure
# Create a periodic time range from 8:00 to 18:00 on working days.
<AC> system-view
[AC] time-range work 08:0 to 18:00 working-day
# Create an IPv4 advanced ACL numbered 3000.
[AC] acl advanced 3000
# Configure a rule to permit access from the President's office to the financial database server.
[AC-acl-ipv4-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 destination
192.168.0.100 0
# Configure a rule to permit access from the Financial department to the database server during
working hours.
[AC-acl-ipv4-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255 destination
192.168.0.100 0 time-range work
# Configure a rule to deny access to the financial database server.
AC
GE 1/0/1
Financial database server
192.168.0.100
IP network
AP 1 AP 3
President's office
192.168.1.0/24
Marketing department
192.168.3.0/24
AP 2
Financial department
192.168.2.0/24
To Next Page
Loading...
