Table of Contents
Advertisement
136
C
8: ACL C
HAPTER
ONFIGURATION
Advanced ACL
Configuration Example
The matched information of
the Switch's CPU.
For syntax description, refer to the Command Reference Guide.
Networking Requirements
The interconnection between different departments on a company network is
implemented through the 1000 Mbps ports of the Switch. The Subnet IP address
of the Financial Dept. is 129.110.0.0, the IP address of the pay query server is
129.112.1.2. The Financial Dept is accessed via GigabitEthernet1/0/50. It is
required to properly configure the ACL and limit Financial Dept access to the
payment query server between 8:00 and 18:00.
Networking Diagram
Figure 36 Access Control Configuration Example
Configuration Procedure
In the following configurations, only the commands related to ACL configurations
are listed.
1 Define the work time range
Define time range from 8:00 to 18:00.
[4500]time-range 3Com 8:00 to 18:00 working-day
2 Define the ACL to access the payment server.
a Enter the numbered advanced ACL, number as 3000.
[4500]acl number 3000 match-order config
b Define the rules for other department to access the payment server.
[4500-acl-adv-3000]rule 1 deny ip source 129.110.1.2 0.0.255.255
destination 129.112.1.2 time-range 3Com
c Define the rules for the President's Office to access the payment server.
[4500-acl-adv-3000]rule 2 permit ip source 129.111.1.2 0.0.0.0
destination 129.110.1.2 0.0.0.0
3 Activate ACL.
command specifies the rules treated by
display acl
Office of President
129.111.1.2
#4
#3
#2
#1
Switch
Financial Department
subnet address
Connected to a router
10.110.0.0
Pay query server
129.110.1.2
Administration Department
subnet address
10.120.0.0
Advertisement
Table of Contents
Troubleshooting
