Configuration procedure, Verifying the configuration – H3C Technologies H3C SecPath F1000-E User Manual

22

Figure 16 Network diagram

Configuration procedure

# Create a periodic time range from 8:00 to 18:00 on working days.

<SecPath> system-view

[SecPath] time-range work 8:0 to 18:0 working-day

# Create an IPv6 advanced ACL numbered 3000 and configure three rules in the ACL. One rule permits
access from the President’s office to the financial database server, one rule permits access from the

Financial department to the database server during working hours, and one rule denies access from any

other department to the database server.

[SecPath] acl ipv6 number 3000

[SecPath-acl6-adv-3000] rule permit ipv6 source 1001:: 16 destination 1000::100 128

[SecPath-acl6-adv-3000] rule permit ipv6 source 1002:: 16 destination 1000::100 128

time-range work

[SecPath-acl6-adv-3000] rule deny ipv6 source any destination 1000::100 128

[SecPath-acl6-adv-3000] quit

# Enable IPv6 firewall, and apply IPv6 ACL 3000 to filter outgoing packets on interface GigabitEthernet
0/1.

[SecPath] firewall ipv6 enable

[SecPath] interface GigabitEthernet 0/1

[SecPath-GigabitEthernet0/1] firewall packet-filter ipv6 3000 outbound

[SecPath-GigabitEthernet0/1] quit

Verifying the configuration

# Ping the database server from a PC in the Financial department during the working hours. (All PCs in

this example use Windows XP).

C:\> ping 1000::100

Pinging 1000::100 with 32 bytes of data:

Reply from 1000::100: time<1ms

Reply from 1000::100: time<1ms

Reply from 1000::100: time<1ms