Access Control Rule Configuration Example Two; Figure 3 Access Control Rule Configuration Example Two - ZTE ZXR10 8900 Series User Manual
ZXR10 8900 Series User Manual (FW Volume)
Confidential and Proprietary Information of ZTE CORPORATION
To permit intranet users to access the web server, execute the following command:
ZXR10_FW #firewall policy add action accept srcarea area_gei_2/1 dst 172.16.1.3 service HTTP
To permit leaders of the project team to access the extranet and deny common members of the project team access to the extranet, execute the following command:
ZXR10_FW #firewall policy add action deny srcvlan vlan.0002 src rd_group dstarea area_vlan4 service HTTP
Notes:
The actual IP address of the web server must be selected as the destination address, because the FW translates the destination address of the packet first. When an intranet user accesses the web server in the SSN area through http://192.168.100.143, the destination address of the packet is translated to 172.16.1.3 because it matches the NAT destination address translation rule. Only after that is the access rule query performed. Intranet users can therefore access the web server in the SSN area only when the destination address in the rule is set to the actual IP address of the web server.
When defining a destination address translation rule, do not select a destination area or a destination VLAN.
Access Control Rule Configuration Example Two
An enterprise network is divided into three areas: area_vlan1, area_vlan2 and area_vlan3. The three areas are bound with interface vlan1, interface vlan2 and interface vlan3 respectively. Area_vlan1 is connected with the extranet and permits user access. Area_vlan2 and area_vlan3 forbid user access. The server is located in area_vlan2 and its IP address is 192.168.100.140. The intranet is located in area_vlan3 and its network address is 192.168.101.0. The enterprise network structure is shown in Figure 3.
The user has the following requirements:
Intranet users can access the TELNET, SSH, FTP and Web_port services on the server, where Web_port is a customized service with port number 8080; intranet users cannot access other servers and services on interface vlan 2. Extranet users can access the TCP service on the interface vlan 2 server with port number 8080.
Figure 3 Access Control Rule Configuration Example Two
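The two points a practitioner most often gets wrong here are the ordering in the Notes above (destination NAT runs before the access rule query, so a rule keyed on the public address never matches) and the rule set Example Two actually needs (first-match accepts for the four named services, a catch-all deny toward area_vlan2, one accept for extranet users on port 8080). The following Python model is an added example, not ZTE code and not the ZXR10 CLI; it assumes a simplified first-match policy engine, that each packet carries its source and destination area (on the real device the area comes from the ingress/egress interface binding), and that the customized service Web_port is TCP/8080 as the page states. The addresses 192.168.101.10, 192.168.100.150 and 203.0.113.5 are constructed sample hosts.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Service name -> (protocol, port). Web_port is the customised 8080 service.
SERVICES = {
    "HTTP": ("tcp", 80), "TELNET": ("tcp", 23), "SSH": ("tcp", 22),
    "FTP": ("tcp", 21), "Web_port": ("tcp", 8080),
}

@dataclass(frozen=True)
class Packet:
    src_area: str   # assumption: area already resolved from the ingress interface
    dst_area: str
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    public_dst: str  # address the client connects to
    real_dst: str    # actual server address after translation

@dataclass(frozen=True)
class Policy:
    action: str                        # "accept" or "deny"
    srcarea: Optional[str] = None
    dstarea: Optional[str] = None
    src: Optional[str] = None          # host or CIDR
    dst: Optional[str] = None          # host or CIDR
    service: Optional[str] = None

def apply_dnat(pkt, dnat_rules):
    """Stage 1: rewrite the destination address if a DNAT rule matches."""
    for r in dnat_rules:
        if pkt.dst == r.public_dst:
            return Packet(pkt.src_area, pkt.dst_area, pkt.src, r.real_dst, pkt.proto, pkt.dport)
    return pkt

def _in(net, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def policy_matches(pol, pkt):
    """Every specified field of the policy must match the (translated) packet."""
    if pol.srcarea is not None and pol.srcarea != pkt.src_area:
        return False
    if pol.dstarea is not None and pol.dstarea != pkt.dst_area:
        return False
    if pol.src is not None and not _in(pol.src, pkt.src):
        return False
    if pol.dst is not None and not _in(pol.dst, pkt.dst):
        return False
    if pol.service is not None and SERVICES[pol.service] != (pkt.proto, pkt.dport):
        return False
    return True

def evaluate(pkt, dnat_rules, policies, default="deny"):
    """Stage 2: query the access rules against the translated packet; first match wins."""
    pkt = apply_dnat(pkt, dnat_rules)
    for pol in policies:
        if policy_matches(pol, pkt):
            return pol.action
    return default

def example_one():
    """Why the Notes say to use the real server address (172.16.1.3) in the rule."""
    dnat = [DnatRule("192.168.100.143", "172.16.1.3")]
    pkt = Packet("area_gei_2/1", "ssn", "10.0.0.5", "192.168.100.143", "tcp", 80)
    correct = [Policy("accept", srcarea="area_gei_2/1", dst="172.16.1.3", service="HTTP")]
    wrong = [Policy("accept", srcarea="area_gei_2/1", dst="192.168.100.143", service="HTTP")]
    return {"real_dst": evaluate(pkt, dnat, correct), "public_dst": evaluate(pkt, dnat, wrong)}

def example_two():
    """Rule set satisfying the Example Two requirements, checked against sample flows."""
    policies = [Policy("accept", srcarea="area_vlan3", dst="192.168.100.140", service=s)
                for s in ("TELNET", "SSH", "FTP", "Web_port")]
    policies.append(Policy("deny", srcarea="area_vlan3", dstarea="area_vlan2"))
    policies.append(Policy("accept", srcarea="area_vlan1", dst="192.168.100.140", service="Web_port"))
    intra, extra = "192.168.101.10", "203.0.113.5"
    flows = {
        "intranet_ssh": Packet("area_vlan3", "area_vlan2", intra, "192.168.100.140", "tcp", 22),
        "intranet_8080": Packet("area_vlan3", "area_vlan2", intra, "192.168.100.140", "tcp", 8080),
        "intranet_http": Packet("area_vlan3", "area_vlan2", intra, "192.168.100.140", "tcp", 80),
        "intranet_other_host": Packet("area_vlan3", "area_vlan2", intra, "192.168.100.150", "tcp", 22),
        "extranet_8080": Packet("area_vlan1", "area_vlan2", extra, "192.168.100.140", "tcp", 8080),
        "extranet_ssh": Packet("area_vlan1", "area_vlan2", extra, "192.168.100.140", "tcp", 22),
    }
    return {name: evaluate(p, [], policies) for name, p in flows.items()}

if __name__ == "__main__":
    print(example_one())
    print(example_two())
```

In example_one the only difference between the two rule sets is the destination address; the packet is identical, but because DNAT has already rewritten it to 172.16.1.3 by the time the policy query runs, the rule written against the public address silently matches nothing and the default deny applies. Ordering matters in example_two as well: the catch-all deny toward area_vlan2 must come after the four service accepts, since the model (like most first-match engines) stops at the first hit.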