3Com 7757 Configuration Manual page 654

654 C 60: ACL C
HAPTER ONFIGURATION
Advanced ACL
Configuration Example
n
Layer 2 ACL
Configuration Example
Network requirements
Different departments of an enterprise are interconnected on the intranet through
the ports of a switch. The IP address of the wage query server is 192.168.1.2.
Devices of the R&D department are connected to the Ethernet 2/0/1 port of the
switch. Apply an ACL to deny requests sourced from the R&D department and
destined for the wage server during the working hours (8:00 to 18:00).
Network diagram
Figure 167 Network diagram for advanced ACL configuration
R&D
department
Configuration procedure
Only the commands related to the ACL configuration are listed below.
1 Define the time range
# Define a time range that contain a periodic time section from 8:00 to 18:00.
<SW7750> system-view
[SW7750] time-range test 8:00 to 18:00 working-day
2 Define an ACL for filtering requests destined for the wage server.
# Create ACL 3000.
[SW7750] acl number 3000
# Define an ACL rule for requests destined for the wage server.
[SW7750-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test
[SW7750-acl-adv-3000] quit
3 Apply the ACL on a port.
# Apply ACL 3000 on the Ethernet 2/0/1 port.
[SW7750] interface Ethernet 2/0/1
[SW7750-Ethernet2/0/1] qos
[SW7750-qosb-Ethernet2/0/1] packet-filter inbound ip-group 3000
Network requirements
Through Layer 2 ACL configuration, packets with the source MAC address of
0011-0011-0011 and destination MAC address of 0011-0011-0012 are to be
To the router
Eth2 /0/1 Eth2/0 /2
Switch
Wage query server
192 .168 .1 .2