Configuration Guide Configuring ACL
For details about the ACE configuration commands, see the earlier descriptions about the IP ACL, MAC extended ACL,
expert extended ACL, or IPv6 ACL.
 Applying an ACL
For details about the command for applying an ACL, see the earlier descriptions about the IP ACL, MAC extended ACL,
expert extended ACL, or IPv6 ACL.
Configuration Example
The following configuration example describes only ACL-related configurations.
 Adding an ACE With the Time Range Specified to Allow the R&D Department to Access the Internet Between
12:00 and 13:30 Every Day
 Configure a time range named "access-internet", and add an entry of the time range between 12:00
and 13:30 every day.
 Configure an IP ACL "ip_std_internet_acl".
 Add an ACE to allow packets with the source IP address in the network segment 10.1.1.0/24, and
associate this ACE with the time zone "access-internet".
 Add an ACE to deny packets with the source IP address the network segment 10.1.1.0/24. Access to
the Internet is not allowed except in the specified time range.
 Add an ACE to permit all packets.
 Apply the ACL to the outgoing direction of the interface connected to the breakout gateway.
Ruijie(config)# time-range access-internet
Ruijie(config-time-range)# periodic daily 12:00 to 13:30
Ruijie(config-time-range)# exit
sw1(config)# ip access-list standard ip_std_internet_acl
sw1(config-std-nacl)# permit 10.1.1.0 0.0.0.255 time-range access-internet
To Next Page
Loading...
Need help?
General
