136
C
HAPTER
8: ACL C
ONFIGURATION
The matched information of
display acl
command specifies the rules treated by
the Switch’s CPU.
For syntax description, refer to the
Command Reference Guide
.
Advanced ACL
Configuration Example
Networking Requirements
The interconnection between different departments on a company network is
implemented through the 1000 Mbps ports of the Switch. The Subnet IP address
of the Financial Dept. is 129.110.0.0, the IP address of the pay query server is
129.112.1.2. The Financial Dept is accessed via GigabitEthernet1/0/50. It is
required to properly configure the ACL and limit Financial Dept access to the
payment query server between 8:00 and 18:00.
Networking Diagram
Figure 36
Access Control Configuration Example
Configuration Procedure
In the following configurations, only the commands related to ACL configurations
are listed.
1
Define the work time range
Define time range from 8:00 to 18:00.
[4500]
time-range 3Com 8:00 to 18:00 working-day
2
Define the ACL to access the payment server.
a
Enter the numbered advanced ACL, number as 3000.
[4500]
acl number 3000 match-order config
b
Define the rules for other department to access the payment server.
[4500-acl-adv-3000]
rule 1 deny ip source 129.110.1.2 0.0.255.255
destination 129.112.1.2 time-range 3Com
c
Define the rules for the President’s Office to access the payment server.
[4500-acl-adv-3000]
rule 2 permit ip source 129.111.1.2 0.0.0.0
destination 129.110.1.2 0.0.0.0
3
Activate ACL.
Administration Department
subnet address
10.120.0.0
Financial Department
subnet address
10.110.0.0
Office of President
129.111.1.2
Pay query server
129.110.1.2
Switch
#1
#4
#3
#2
Connected to a router
Summary of Contents for 400 Family
Page 12: ......
Page 16: ...14 ABOUT THIS GUIDE ...
Page 58: ...56 CHAPTER 2 PORT OPERATION ...
Page 68: ...66 CHAPTER 3 VLAN OPERATION ...
Page 98: ...96 CHAPTER 5 NETWORK PROTOCOL OPERATION ...
Page 124: ...122 CHAPTER 6 IP ROUTING PROTOCOL OPERATION ...
Page 156: ...154 CHAPTER 8 ACL CONFIGURATION ...
Page 218: ...216 CHAPTER 11 802 1X CONFIGURATION ...
Page 298: ...296 CHAPTER 13 PASSWORD CONTROL CONFIGURATION OPERATIONS ...
Page 336: ...334 APPENDIX B RADIUS SERVER AND RADIUS CLIENT SETUP ...