Configuration procedure

# Define ACL 2001.

<device> system-view

[device] acl number 2001

[device-acl-basic-2001] rule 1 permit source 10.110.100.46 0

[device-acl-basic-2001] quit

# Reference ACL 2001 to control users logging in to the Web server.

[device] ip http acl 2001

Examples for Applying ACLs to Hardware

Basic ACL Configuration Example

Network requirements

As shown in Figure 1-3, PC1 and PC2 connect to Switch through GigabitEthernet 1/0/1. PC1’s IP address is 10.1.1.1. Apply an ACL on GigabitEthernet 1/0/1 to deny packets with the source IP address of 10.1.1.1 from 8:00 to 18:00 every day.

Figure 1-3 Network diagram for basic ACL configuration (diagram labels: PC1 10.1.1.1, PC2, GEth1/0/1, Switch, To the router)

Configuration procedure

# Define a periodic time range that is active from 8:00 to 18:00 every day.

<device> system-view

[device] time-range test 8:00 to 18:00 daily

# Define ACL 2000 to filter packets with the source IP address of 10.1.1.1.

[device] acl number 2000

[device-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test

[device-acl-basic-2000] quit

# Apply ACL 2000 on GigabitEthernet 1/0/1.

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000
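
The Python model below is an added example, not part of the 3Com manual: it parses the time range and ACL 2000 rule configured above and reports which rule, if any, a given source address hits at a given time of day, which is useful for checking a planned rule before applying it. The function names, the ascending rule ID match order, and the treatment of the end time as outside the range are assumptions; it returns None when no rule matches and does not model the device's default action.

```python
import ipaddress
import re
from datetime import time

# Constructed input: the time range and ACL 2000 rule from the procedure above.
CONFIG = """\
time-range test 8:00 to 18:00 daily
acl number 2000
rule 1 deny source 10.1.1.1 0 time-range test
"""

RANGE_RE = re.compile(r"time-range (\S+) (\d+):(\d+) to (\d+):(\d+) daily")
RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) source (\S+) (\S+)(?: time-range (\S+))?")


def parse(config):
    """Return (time_ranges, rules) for daily ranges and basic source rules."""
    ranges, rules = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := RANGE_RE.fullmatch(line):
            name, h1, m1, h2, m2 = m.groups()
            ranges[name] = (time(int(h1), int(m1)), time(int(h2), int(m2)))
        elif m := RULE_RE.fullmatch(line):
            rid, action, addr, wild, tr = m.groups()
            # "0" is shorthand for wildcard 0.0.0.0: every bit must match.
            wild = "0.0.0.0" if wild == "0" else wild
            rules.append((int(rid), action, int(ipaddress.IPv4Address(addr)),
                          int(ipaddress.IPv4Address(wild)), tr))
    # Assumption: rules are checked in ascending rule ID order.
    return ranges, sorted(rules)


def evaluate(config, src, at):
    """Action of the first active matching rule, or None if none matches."""
    ranges, rules = parse(config)
    ip = int(ipaddress.IPv4Address(src))
    for _rid, action, addr, wild, tr in rules:
        if tr is not None:
            start, end = ranges[tr]
            # Assumption: the end minute is treated as outside the range.
            if not (start <= at < end):
                continue  # rule is inactive outside its time range
        # Wildcard bits set to 1 are ignored; bits set to 0 must be equal.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return None
```

A rule bound to a time range is simply skipped outside that range, so the deny for 10.1.1.1 has no effect at, for example, 19:30.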

Advanced ACL Configuration Example

Network requirements

As shown in Figure 1-4, different departments of an enterprise are interconnected through Switch. The IP address of the wage query server is 192.168.1.2. The R&D department is connected to

3Com WX3000 Examples for Applying ACLs to Hardware, Basic ACL Configuration Example, Advanced ACL Configuration Example