Configuration Example; Reflexive Acl Configuration Example - H3C S9500 Series Operating Manual


Operation Manual – QoS
H3C S9500 Series Routing Switches
Chapter 6 EACL Configuration

To do...: Configure packet redirection to redirect the packet on the specified port to the service processing board
Use the command...:
traffic-redirect inbound ip-group { acl-number | acl-name } rule rule link-group { acl-number | acl-name } [ rule rule ] slot slot-id designated-vlan vlanid [ join-vlan ]
Or
traffic-redirect inbound ip-group { acl-number | acl-name } link-group { acl-number | acl-name } rule rule slot slot-id designated-vlan vlanid [ join-vlan ]
Remarks: Required. "slotid" indicates the number of the slot where the service processing board resides.

6.3 Configuration Example

6.3.1 Reflexive ACL Configuration Example

I. Network requirements
Configure the reflexive ACL so that a public network user can access the private
network only after a private network user has accessed the public network. This avoids
attacks from external networks and ensures the security of the private network.
You can configure the reflexive ACL by configuring the proper ACLs and rules.
Caution:
The modes of implementing the reflexive ACL differ between NAM and NAT. The
configuration in this example is implemented on the NAM service board.
II. Network diagram
[Figure: PC A (1.0.0.1/8, VLAN2) on the public network; PC B (2.0.0.1/8, VLAN3) on the private network; switch ports GE7/1/1, GE7/1/2 and GE7/1/8.]
Figure 6-1 Network diagram for reflexive ACL configuration
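
The behavior stated in the network requirements for 6.3.1, modeled as an added Python example (not H3C code or configuration, and not from the manual): traffic from the private side installs a temporary mirrored entry, and public-side traffic is forwarded only when it matches a live entry. The addresses come from Figure 6-1; the 5-tuple matching, the 300-second idle timeout, and the names `Packet`, `ReflexiveAcl` and `demo` are assumptions for illustration, and the S9500 implementation may differ.

```python
import ipaddress
from dataclasses import dataclass, field

PRIVATE = ipaddress.ip_network("2.0.0.0/8")  # PC B side (VLAN3) in Figure 6-1
IDLE_TIMEOUT = 300  # seconds; assumed value, not taken from the manual

@dataclass(frozen=True)
class Packet:  # constructed sample packets only; no real traffic is parsed
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class ReflexiveAcl:
    # key: mirrored 5-tuple expected on return traffic; value: last-seen time
    entries: dict = field(default_factory=dict)

    def _expire(self, now):
        self.entries = {k: t for k, t in self.entries.items()
                        if now - t < IDLE_TIMEOUT}

    def check(self, pkt, now):
        """Return True if the packet is forwarded, False if it is dropped."""
        self._expire(now)
        if ipaddress.ip_address(pkt.src) in PRIVATE:
            # Private-initiated traffic is permitted and installs a temporary
            # entry for the reply direction (addresses and ports swapped).
            self.entries[(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)] = now
            return True
        # Public-side traffic passes only if it matches a live mirrored entry.
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.entries:
            self.entries[key] = now  # refresh the idle timer
            return True
        return False

def demo():
    acl = ReflexiveAcl()
    unsolicited = Packet("1.0.0.1", 40000, "2.0.0.1", 80)  # PC A -> PC B
    outbound = Packet("2.0.0.1", 50000, "1.0.0.1", 80)     # PC B -> PC A
    reply = Packet("1.0.0.1", 80, "2.0.0.1", 50000)        # PC A answers PC B
    return [
        acl.check(unsolicited, 0),            # no entry yet: dropped
        acl.check(outbound, 10),              # private side opens the flow
        acl.check(reply, 11),                 # matches mirrored entry
        acl.check(unsolicited, 12),           # different ports: still dropped
        acl.check(reply, 11 + IDLE_TIMEOUT),  # entry idle too long: dropped
    ]
```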
