HP FlexNetwork 6600 Configuration Manual page 18

ACL and QoS

Figure 1 Network diagram (label: President office, 192.168.1.0/24)
Configuration procedure
# Create a periodic time range from 8:00 to 18:00 on working days.
<RouterA> system-view
[RouterA] time-range work 8:0 to 18:0 working-day
# Create an IPv4 advanced ACL numbered 3000 and configure three rules in the ACL. One rule
permits access from the President office to the financial database server, one rule permits access
from the Financial department to the database server during working hours, and one rule denies
access from any other department to the database server.
[RouterA] acl number 3000
[RouterA-acl-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.100 0
[RouterA-acl-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work
[RouterA-acl-adv-3000] rule deny ip source any destination 192.168.0.100 0
[RouterA-acl-adv-3000] quit
# Enable IPv4 firewall, and apply IPv4 advanced ACL 3000 to filter outgoing packets on interface
GigabitEthernet 1/0/1.
[RouterA] firewall enable
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] firewall packet-filter 3000 outbound
[RouterA-GigabitEthernet1/0/1] quit
Verifying the configuration
# Ping the database server from a PC in the Financial department during working hours. (All PCs in
this example use Windows XP.)
C:\> ping 192.168.0.100
Pinging 192.168.0.100 with 32 bytes of data:
Reply from 192.168.0.100: bytes=32 time=1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
(Figure 1 labels: Financial database server, 192.168.0.100/24; Device A with interfaces GE1/0/1, GE1/0/2, GE1/0/3 and GE1/0/4; Financial department, 192.168.2.0/24; Marketing department, 192.168.3.0/24)
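
The ping above exercises only the permit path for the Financial department. The following added example (not part of the HP manual) models ACL 3000 offline so that the deny cases can be checked as well: Financial department outside working hours and the Marketing department at any time. It assumes that rules are evaluated in configured order with the first match winning, that a rule whose time range is inactive is skipped, and that working-day means Monday to Friday; the host addresses and dates are constructed.

```python
from datetime import datetime, time
from ipaddress import IPv4Address

# ACL 3000 from the page, in configured order:
# (action, source, source wildcard, destination host, time range or None)
ACL_3000 = [
    ("permit", "192.168.1.0", "0.0.0.255", "192.168.0.100", None),
    ("permit", "192.168.2.0", "0.0.0.255", "192.168.0.100", "work"),
    ("deny", "0.0.0.0", "255.255.255.255", "192.168.0.100", None),  # source any
]

def wildcard_match(addr, base, wildcard):
    """Wildcard masks are inverted: a 1 bit means 'ignore this bit'."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)

def time_range_active(name, when):
    """Time range 'work': 8:00 to 18:00 on working days (assumed Mon-Fri).
    Treating 18:00 itself as outside the range is an assumption."""
    if name is None:
        return True
    return when.weekday() < 5 and time(8, 0) <= when.time() < time(18, 0)

def evaluate(src, dst, when):
    """Return the action of the first active matching rule, or None."""
    for action, s_base, s_wild, d_host, trange in ACL_3000:
        if not time_range_active(trange, when):
            continue  # assumption: an inactive time range disables the rule
        # Destination wildcard 0 means an exact host match.
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_host, "0.0.0.0"):
            return action
    return None  # no rule matched; the device's default action would apply

if __name__ == "__main__":
    # Constructed test packets (hosts and dates chosen for illustration).
    office_hours = datetime(2024, 3, 6, 10, 0)  # Wednesday 10:00
    evening = datetime(2024, 3, 6, 20, 0)       # Wednesday 20:00
    saturday = datetime(2024, 3, 9, 10, 0)      # Saturday 10:00
    cases = [("192.168.1.10", evening), ("192.168.2.10", office_hours),
             ("192.168.2.10", evening), ("192.168.2.10", saturday),
             ("192.168.3.10", office_hours)]
    for src, when in cases:
        print(src, when.strftime("%a %H:%M"), evaluate(src, "192.168.0.100", when))
```

On the device itself, the same cases can be confirmed by repeating the ping from a Financial department PC outside working hours and from a Marketing department PC.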

This manual is also suitable for:

Hsr6600