H3C Technologies H3C WX6000 Series Access Controllers User Manual: Network diagram, Configuration procedure


Network Diagram

Figure 41-1 Network diagram for IPv4 ACL configuration

[Figure: the AC (interfaces GE0/0/1, GE0/0/2, GE0/0/3 and GE0/0/4) connects the President's office (192.168.1.0/24), the R&D department (192.168.2.0/24), the Marketing department (192.168.3.0/24) and the salary query server (192.168.4.1).]

Configuration Procedure

1) Create a time range for office hours

# Create a periodic time range spanning 8:00 to 18:00 on working days.

<AC> system-view

[AC] time-range trname 8:00 to 18:00 working-day

2) Define an ACL to control access to the salary query server

# Configure a rule to control access of the R&D Department to the salary query server.

[AC] acl number 3000

[AC-acl-adv-3000] rule deny ip source 192.168.2.0 0.0.0.255 destination 192.168.4.1 0.0.0.0 time-range trname

[AC-acl-adv-3000] quit

# Configure a rule to control access of the Marketing Department to the salary query server.

[AC] acl number 3001

[AC-acl-adv-3001] rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.4.1 0.0.0.0 time-range trname

[AC-acl-adv-3001] quit

3) Apply the IPv4 ACL

# Configure class c_rd for packets matching IPv4 ACL 3000.

[AC] traffic classifier c_rd

[AC-classifier-c_rd] if-match acl 3000

[AC-classifier-c_rd] quit

# Configure traffic behavior b_rd to deny matching packets.

[AC] traffic behavior b_rd

[AC-behavior-b_rd] filter deny

[AC-behavior-b_rd] quit

# Configure class c_market for packets matching IPv4 ACL 3001.

[AC] traffic classifier c_market
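
The matching logic of the two deny rules from step 2 can be checked offline before they are applied. The following Python sketch is an added example, not part of the H3C manual: it models only the wildcard-mask and time-range matching of ACL 3000 and ACL 3001, and the function names, the sample packets and the handling of the 18:00 boundary are assumptions.

```python
from datetime import datetime, time
from ipaddress import IPv4Address

def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: 0 bits must match, 1 bits are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)

def in_time_range(when, start=time(8, 0), end=time(18, 0)):
    """trname: 8:00 to 18:00 working-day (Monday to Friday).
    Assumption: the end time itself is treated as outside the range."""
    return when.weekday() < 5 and start <= when.time() < end

# Deny rules of ACL 3000 and ACL 3001 as configured in step 2:
# (ACL number, source, source wildcard, destination, destination wildcard)
RULES = [
    (3000, "192.168.2.0", "0.0.0.255", "192.168.4.1", "0.0.0.0"),
    (3001, "192.168.3.0", "0.0.0.255", "192.168.4.1", "0.0.0.0"),
]

def matching_acl(src, dst, when):
    """Return the ACL number whose deny rule matches, or None."""
    if not in_time_range(when):
        return None  # rules bound to trname are inactive outside the range
    for acl, s, s_wc, d, d_wc in RULES:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return acl
    return None

if __name__ == "__main__":
    # Constructed sample packets: (source, destination, local time).
    samples = [
        ("192.168.2.57", "192.168.4.1", datetime(2024, 1, 2, 10, 0)),   # Tue
        ("192.168.3.9", "192.168.4.1", datetime(2024, 1, 2, 19, 30)),   # Tue evening
        ("192.168.2.57", "192.168.4.1", datetime(2024, 1, 6, 10, 0)),   # Sat
        ("192.168.1.10", "192.168.4.1", datetime(2024, 1, 2, 10, 0)),   # other subnet
    ]
    for src, dst, when in samples:
        acl = matching_acl(src, dst, when)
        print(src, "->", dst, when, "denied by ACL %d" % acl if acl else "no match")
```

A result of None means only that these two rules do not apply: outside 8:00 to 18:00 on working days they do not block the R&D and Marketing subnets from the salary query server.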
