Example For Configuring An Advanced Acl - Huawei Quidway S2700 Series Configuration Manual

Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
<Quidway>
User Defined Traffic Policy Information:
Policy: tp1
----End
Configuration Files
#
acl number 2000
rule 5 permit source 10.0.0.0 0.0.0.255
#
traffic classifier tc1 operator and
if-match acl 2000
#
traffic behavior tb1
deny
#
traffic policy tp1
classifier tc1 behavior tb1
#
interface GigabitEthernet0/0/1
traffic-policy tp1 inbound
#
return

9.5.2 Example for Configuring an Advanced ACL

Networking Requirements
As shown in
is required that the IPv4 ACL be configured correctly. The personnel of the R&D department
and marketing department cannot access the salary query server at 10.164.9.9 from 8:00 to 17:30,
whereas the personnel of the president's office can access the server at any time.
Figure 9-2 Networking diagram for configuring IPv4 ACLs
Marketing department
Issue 01 (2011-07-15)
display traffic policy user-defined tp1
Classifier: tc1
Operator: AND
Behavior: tb1
Deny
Figure 9-2, the departments of the company are connected through the Switchs. It
Ethernet
0/0/2
Switch
10.164.2.0/24
R&D department
10.164.3.0/24
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Salary query server
10.164.9.9
Ethernet
0/0/4
Ethernet
0/0/1
Ethernet
0/0/3
President's office
10.164.1.0/24
9 ACL Configuration
171