HP FlexNetwork MSR Series Configuration Manuals page 23

Figure 2 Network diagram
President
zone
President's office
192.168.1.0/24
Configuration procedure
# Create security zone Server, and add interface GigabitEthernet 1/0/1 to the security zone.
<Device> system-view
[Device] security-zone name Server
[Device-security-zone-Server] import interface gigabitethernet 1/0/1
[Device-security-zone-Server] quit
# Create security zone President, and add interface GigabitEthernet 1/0/2 to the security zone.
[Device] security-zone name President
[Device-security-zone-President] import interface gigabitethernet 1/0/2
[Device-security-zone-President] quit
# Create security zone Finance, and add interface GigabitEthernet 1/0/3 to the security zone.
[Device] security-zone name Finance
[Device-security-zone-Finance] import interface gigabitethernet 1/0/3
[Device-security-zone-Finance] quit
# Create security zone Market, and add interface GigabitEthernet 1/0/4 to the security zone.
[Device] security-zone name Market
[Device-security-zone-Market] import interface gigabitethernet 1/0/4
[Device-security-zone-Market] quit
# Create a periodic time range from 8:00 to 18:00 on working days.
[Device] time-range work 08:0 to 18:00 working-day
# Configure ACL 3000 to permit access from the President's office at any time to the financial
database server.
[Device] acl advanced 3000
[Device-acl-ipv4-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 destination
192.168.0.100 0
[Device-acl-ipv4-adv-3000] quit
# Configure ACL 3001 to permit access from the Financial department to the financial database
server only during working hours on working days.
Server zone
Financial database server
192.168.0.100/24
GE1/0/1
GE1/0/2 GE1/0/4
Device
GE1/0/3
Finance
zone
Financial department
192.168.2.0/24
21
Market
zone
Marketing department
192.168.3.0/24