Figure 11-2 Networking Diagram For Configuring Ipv4 Acls - Huawei Quidway S9300 Configuration Manual

11 ACL Configuration
traffic behavior tb1
ip urpf disable
#
traffic policy tp1
classifier tc1 behavior tb1
#
interface GigabitEthernet1/0/1
urpf strict
traffic-policy tp1 inbound
#
interface GigabitEthernet2/0/1
urpf strict
#
return
11.5.2 Example for Configuring an Advanced ACL
Networking Requirements
As shown in
It is required that the IPv4 ACL be configured correctly. The personnel of the R&D department
and marketing department cannot access the salary query server at 10.164.9.9 from 8:00 to 17:30,
whereas the personnel of the president's office can access the server at any time.

Figure 11-2 Networking diagram for configuring IPv4 ACLs

Marketing department
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
11-16
Figure 11-2, the departments of the company are connected through the S9300s.
GE1/0/2
10.164.2.0/24
Assign IP addresses to interfaces.
Configure the time range.
Configure the ACL.
Configure the traffic classifier.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Salary query server
10.164.9.9
GE2/0/1
GE1/0/1
GE1/0/3
R&D department
10.164.3.0/24
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
President's office
10.164.1.0/24
Issue 06 (2010–01–08)