Configuration Guide Access Control List Configuration
Switch B configuration:
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if)# ip address 192.168.12.1 255.255.255.0
Ruijie(config-if)# exit
Ruijie(config)# interface GigabitEthernet 0/2
Ruijie(config-if)# ip address 2.2.2.2 255.255.255.0
Ruijie(config-if)# ip access-group 101 in
Ruijie(config-if)# ip access-group 101 out
According to requirements, configure an extended access list numbered 101
Ruijie(config)# access-list 101 permit tcp 192.168.12.0 0.0.0.255 any eq telnet time-range check
Ruijie(config)# access-list 101 deny icmp 192.168.12.0 0.0.0.255 any
Ruijie(config)# access-list 101 deny ip 2.2.2.0 0.0.0.255 any
Ruijie(config)# access-list 101 deny ip any any
Configure the time range
Ruijie(config)# time-range check
Ruijie(config-time-range)# periodic weekdays 8:30 to 17:30
For access list 101, the last rule “access-list 101 deny ip any any” is
not needed, because the end of an access list implies a “deny any”
rule.
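Added example (not part of the original guide and not Ruijie code): a small Python model of how access list 101 is evaluated, first match wins, showing that dropping the final "deny ip any any" entry changes no verdict. The function names, sample packets and dates are constructed, and skipping an entry whose time range is inactive, as well as the handling of the 8:30 and 17:30 boundaries, are assumptions of this model.

```python
import ipaddress
from datetime import datetime

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: bits set to 1 in the mask are ignored in the comparison."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def time_range_check(now):
    """Model of: time-range check / periodic weekdays 8:30 to 17:30."""
    return now.weekday() < 5 and (8, 30) <= (now.hour, now.minute) <= (17, 30)

ANY = ("0.0.0.0", "255.255.255.255")
LAN = ("192.168.12.0", "0.0.0.255")

# Access list 101 as on the page:
# (action, protocol, source, destination, destination port, time range)
ACL_101 = [
    ("permit", "tcp", LAN, ANY, 23, time_range_check),  # eq telnet
    ("deny", "icmp", LAN, ANY, None, None),
    ("deny", "ip", ("2.2.2.0", "0.0.0.255"), ANY, None, None),
    ("deny", "ip", ANY, ANY, None, None),
]

def evaluate(acl, proto, src, dst, dport, now):
    """First match wins. Returns (action, entry index); index None = implicit deny."""
    for i, (action, p, s, d, port, active) in enumerate(acl):
        if active is not None and not active(now):
            continue  # assumption: an entry with an inactive time range is skipped
        if p not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action, i
    return "deny", None

# Constructed sample traffic: a Tuesday and a Saturday, both at 10:00.
TUESDAY, SATURDAY = datetime(2024, 3, 5, 10, 0), datetime(2024, 3, 9, 10, 0)
SAMPLES = [
    ("tcp", "192.168.12.10", "2.2.2.1", 23, TUESDAY),
    ("tcp", "192.168.12.10", "2.2.2.1", 23, SATURDAY),
    ("icmp", "192.168.12.10", "2.2.2.1", None, TUESDAY),
    ("udp", "2.2.2.5", "192.168.12.1", 53, TUESDAY),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        # Compare the list as configured with the list minus its last entry.
        print(pkt[:4], pkt[4].strftime("%a"), evaluate(ACL_101, *pkt), evaluate(ACL_101[:3], *pkt))
```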
Switch A configuration:
Ruijie(config)# hostname Ruijie
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if)# ip address 192.168.202.1 255.255.255.0
Ruijie(config)# interface GigabitEthernet 0/2
Ruijie(config-if)# ip address 2.2.2.1 255.255.255.0
Configuring Extended MAC Address-based Access Control List
To configure MAC address-based access control lists on a device, you must specify unique names or
numbers for the access lists of a protocol to uniquely identify each access list inside the protocol.
The following table lists the range of the numbers that can be used to specify MAC access lists.
Configuration Guide of Extended MAC Address-based Access Control List
When you create an expert access list, the defined rules are applied to all packets on a
switch. The switch decides whether to forward or block a packet by judging whether the
packet matches a rule.
The typical rules defined in MAC access lists are the following: