Configuring an access control list on 3Com

Create the access control list.

acl number acl_number [ match-order { config | auto } ]

Add a rule to the ACL (from Advanced ACL View)

rule [ rule_id ] { permit | deny } protocol [ source { source_addr wildcard | any } ] [ destination { dest_addr wildcard | any } ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ] [ [ { precedence precedence tos tos | dscp dscp vpn-instance instance ] fragment ]*

Example of the above:

[Switch B]acl number 2000

[Switch B-acl-basic-2000]rule deny source 30.0.0.0 0.255.255.255

[Switch B-acl-basic-2000]rule permit source any

ACL types:

Numbered basic ACL: 2000 to 2999

Numbered advanced ACL: 3000 to 3999

Numbered Layer-2 ACL: 4000 to 4999

Numbered user-defined ACL: 5000 to 5999

The sub items of an ACL: 0 to 65534

Access Control Configuration example

Administration Department subnet address 10.120.0.0

Financial Department subnet address 10.110.0.0

Office of President 129.111.1.2

Pay query server 129.110.1.

1 Define the work time range

Define time range from 8:00 to 18:00.

[4500]time-range 3Com 8:00 to 18:00 working-day

2 Define the ACL to access the payment server.

a Enter the numbered advanced ACL, number as 3000.

[4500]acl number 3000 match-order config

b Define the rules for other departments to access the payment server.

[4500-acl-adv-3000]rule 1 deny ip source 129.110.1.2 0.0.255.255 destination 129.112.1.2 time-range 3Com

c Define the rules for the President’s Office to access the payment server.

[4500-acl-adv-3000]rule 2 permit ip source 129.111.1.2 0.0.0.0 destination 129.110.1.2 0.0.0.0

3 Activate ACL.

[4500-GigabitEthernet1/0/50]packet-filter inbound ip-group 3000
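
Added example (not from the original post or from 3Com documentation): a small Python model of wildcard-mask matching, configuration-order (first match) evaluation and time-range activation for the rules shown above, useful for checking which rule a given packet hits before the ACL is applied. The rule IDs for ACL 2000, the 0.0.0.0 wildcard on the destination of rule 1, and the test addresses are assumptions; a result of None means no rule matched, and what the switch does in that case is not covered here.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF              # wildcard 1-bits are "don't care"
    return (a & care) == (b & care)

def side_matches(spec, addr):
    """spec is None or 'any' (match everything) or a (base, wildcard) pair."""
    return spec in (None, "any") or wildcard_match(addr, *spec)

def evaluate(rules, src, dst=None, active_ranges=()):
    """Return (rule_id, action) of the first matching rule in list order, else None."""
    for rule in rules:                  # match-order config: rules are tried as listed
        tr = rule.get("time_range")
        if tr is not None and tr not in active_ranges:
            continue                    # rule is ignored outside its time range
        if side_matches(rule.get("src"), src) and side_matches(rule.get("dst"), dst):
            return rule["id"], rule["action"]
    return None

# Basic ACL 2000 from the page (rule IDs 0 and 1 are assumed, the page gives none).
ACL_2000 = [
    {"id": 0, "action": "deny", "src": ("30.0.0.0", "0.255.255.255")},
    {"id": 1, "action": "permit", "src": "any"},
]

# Advanced ACL 3000 as written on the page; rule 1 has no destination wildcard
# there, so 0.0.0.0 (exact host) is assumed.
ACL_3000 = [
    {"id": 1, "action": "deny", "src": ("129.110.1.2", "0.0.255.255"),
     "dst": ("129.112.1.2", "0.0.0.0"), "time_range": "3Com"},
    {"id": 2, "action": "permit", "src": ("129.111.1.2", "0.0.0.0"),
     "dst": ("129.110.1.2", "0.0.0.0")},
]

if __name__ == "__main__":
    # Constructed test packets: (source, destination, active time ranges)
    for src, dst, ranges in [
        ("129.110.200.9", "129.112.1.2", {"3Com"}),  # inside 129.110.0.0/16
        ("129.110.200.9", "129.112.1.2", set()),     # same packet, after hours
        ("129.111.1.2", "129.110.1.2", {"3Com"}),    # President's Office
        ("10.110.0.5", "129.110.1.2", {"3Com"}),     # Financial Department host
    ]:
        print(src, "->", dst, evaluate(ACL_3000, src, dst, ranges))
```

The wildcard 0.0.255.255 ignores the last two octets, so the source in rule 1 covers every address in 129.110.0.0/16, not only 129.110.1.2.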
