Network diagram, Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual


Network Diagram

Figure 1-1 Network diagram for IPv4 ACL configuration

[Figure: the Switch, with ports GE2/0/1, GE2/0/2, GE2/0/3 and GE2/0/4, connects the President's Office (192.168.1.0/24), the R&D department (192.168.2.0/24), the Marketing department (192.168.3.0/24) and the salary server (192.168.4.1).]

Configuration Procedure

Create a time range for office hours

# Create a periodic time range spanning 8:00 to 18:00 on working days.

<Switch> system-view

[Switch] time-range trname 8:00 to 18:00 working-day

Define an ACL to control access to the salary query server

# Configure a rule to control access of the R&D Department to the salary query server.

[Switch] acl number 3000

[Switch-acl-adv-3000] rule deny ip source 192.168.2.0 0.0.0.255 destination 192.168.4.1 0.0.0.0 time-range trname

[Switch-acl-adv-3000] quit

# Configure a rule to control access of the Marketing Department to the salary query server.

[Switch] acl number 3001

[Switch-acl-adv-3001] rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.4.1 0.0.0.0 time-range trname

[Switch-acl-adv-3001] quit

Apply the IPv4 ACL

# Configure class c_rd for packets matching IPv4 ACL 3000.

[Switch] traffic classifier c_rd

[Switch-classifier-c_rd] if-match acl 3000

[Switch-classifier-c_rd] quit

# Configure traffic behavior b_rd to deny matching packets.

[Switch] traffic behavior b_rd

[Switch-behavior-b_rd] filter deny

[Switch-behavior-b_rd] quit

# Configure class c_market for packets matching IPv4 ACL 3001.

[Switch] traffic classifier c_market

[Switch-classifier-c_market] if-match acl 3001

[Switch-classifier-c_market] quit
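
To check which traffic the two rules above actually cover, the following Python model evaluates their wildcard masks and the trname time range against sample packets. It is an added example, not part of the H3C manual; the function names are hypothetical, and it assumes that working-day means Monday to Friday, that the end minute is excluded, and that matching packets are dropped by the filter deny behavior.

```python
from datetime import datetime, time
from ipaddress import IPv4Address

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: a 0 bit in the mask must match, a 1 bit is ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care

def trname_active(when):
    """Model of: time-range trname 8:00 to 18:00 working-day.
    Assumptions: working-day is Monday to Friday, the end minute is excluded."""
    return when.weekday() < 5 and time(8, 0) <= when.time() < time(18, 0)

# The two deny rules from the page:
# (ACL number, source, source wildcard, destination, destination wildcard)
RULES = [
    (3000, "192.168.2.0", "0.0.0.255", "192.168.4.1", "0.0.0.0"),
    (3001, "192.168.3.0", "0.0.0.255", "192.168.4.1", "0.0.0.0"),
]

def denying_acl(src, dst, when):
    """Return the ACL number whose rule drops the packet, or None if no rule applies."""
    if not trname_active(when):
        return None  # both rules are bound to trname and are inactive outside it
    for acl, s, s_wild, d, d_wild in RULES:
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return acl
    return None

if __name__ == "__main__":
    # Constructed sample packets: (source, destination, timestamp)
    samples = [
        ("192.168.2.15", "192.168.4.1", datetime(2024, 3, 4, 10, 30)),   # R&D, Monday
        ("192.168.3.200", "192.168.4.1", datetime(2024, 3, 4, 10, 30)),  # Marketing, Monday
        ("192.168.1.5", "192.168.4.1", datetime(2024, 3, 4, 10, 30)),    # President's Office
        ("192.168.2.15", "192.168.4.1", datetime(2024, 3, 4, 19, 0)),    # R&D, after hours
        ("192.168.2.15", "192.168.4.1", datetime(2024, 3, 9, 10, 30)),   # R&D, Saturday
    ]
    for src, dst, when in samples:
        acl = denying_acl(src, dst, when)
        verdict = f"denied by ACL {acl}" if acl else "not matched by a deny rule"
        print(f"{when:%a %H:%M} {src} -> {dst}: {verdict}")
```

Because both rules reference trname, they restrict R&D and Marketing only during office hours; outside that window neither ACL matches.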
