VLAN-ACL Troubleshooting – QTECH QSW-2800 Configuration Guide User Manual

+7(495) 797-3311 www.qtech.ru
Moscow, Novozavodskaya St., 18, bldg. 1

Switch(config)# ip access-list extended vacl_a

Switch(config-ip-ext-nacl-vacl_a)# permit ip any-source 192.168.0.0 0.0.0.255 time-range t1

Switch(config-ip-ext-nacl-vacl_a)# deny ip any-source any-destination time-range t1

3) Configure the extended IP ACL vacl_b, which at any time allows access only to resources within the internal network (such as 192.168.1.255).

Switch(config)#ip access-list extended vacl_b

Switch(config-ip-ext-nacl-vacl_b)# permit ip any-source 192.168.1.0 0.0.0.255

Switch(config-ip-ext-nacl-vacl_b)# deny ip any-source any-destination

4) Apply the configuration to VLAN

Switch(config)#firewall enable

Switch(config)#vacl ip access-group vacl_a in vlan 1

Switch(config)#vacl ip access-group vacl_b in vlan 2

49.4 VLAN-ACL Troubleshooting

When a VLAN ACL and a Port ACL are configured at the same time, the deny-first principle applies: if a packet matches both the VLAN ACL and the Port ACL and the action of either matching rule is drop, the final action is drop.

Only one ACL of each type can be applied to a VLAN; for example, each VLAN can have only one basic IP ACL applied.
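The deny-first rule described above can be checked offline before applying ACLs to a switch. The following Python model is an added example, not QTECH code or switch firmware logic: it evaluates vacl_b from this page together with a hypothetical Port ACL (PORT_ACL, constructed here), treats 0.0.0.255 as a wildcard mask, and assumes that an ACL in which no rule matches contributes no verdict.

```python
# Added illustration: a model of the deny-first rule, not switch firmware logic.
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # all-ones wildcard mask matches any address

def wild_match(addr, net, wildcard):
    """True if addr equals net on every bit the wildcard mask leaves as 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(net)) & care)

def first_match(acl, src, dst):
    """Return the action of the first rule matching (src, dst), or None."""
    for action, src_spec, dst_spec in acl:
        if wild_match(src, *src_spec) and wild_match(dst, *dst_spec):
            return action
    return None  # assumption: an ACL with no matching rule gives no verdict

def final_action(vlan_acl, port_acl, src, dst):
    """Deny-first: drop when the matching rule in either ACL is deny."""
    verdicts = (first_match(vlan_acl, src, dst), first_match(port_acl, src, dst))
    return "deny" if "deny" in verdicts else "permit"

# vacl_b from the page: permit to 192.168.1.0 0.0.0.255, then deny everything.
VACL_B = [
    ("permit", ANY, ("192.168.1.0", "0.0.0.255")),
    ("deny", ANY, ANY),
]
# Hypothetical Port ACL (constructed): block one host, permit the rest.
PORT_ACL = [
    ("deny", ANY, ("192.168.1.10", "0.0.0.0")),
    ("permit", ANY, ANY),
]

if __name__ == "__main__":
    # Constructed sample traffic from one source host to three destinations.
    for dst in ("192.168.1.20", "192.168.1.10", "10.0.0.5"):
        print(dst, final_action(VACL_B, PORT_ACL, "192.168.2.7", dst))
```

A packet is forwarded only when both ACLs permit it, so a permit in vacl_b does not override a deny in the Port ACL, and the reverse also holds.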
