Create an access control list:
acl number acl_number [ match-order { config | auto } ]
Add a rule to the ACL (from Advanced ACL view):
rule [ rule_id ] { permit | deny } protocol [ source { source_addr wildcard | any } ] [ destination { dest_addr wildcard | any } ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ] [ { precedence precedence | tos tos | dscp dscp } ] [ vpn-instance instance ] [ fragment ] [ time-range time_name ]
Example of the above (a basic ACL, so the rules carry no protocol keyword):
[Switch B]acl number 2000
[Switch B-acl-basic-2000]rule deny source 30.0.0.0 0.255.255.255
[Switch B-acl-basic-2000]rule permit source any
ACL types (by number range):
Numbered basic ACL: 2000 to 2999
Numbered advanced ACL: 3000 to 3999
Numbered Layer-2 ACL: 4000 to 4999
Numbered user-defined ACL: 5000 to 5999
Rule IDs (sub-items) within one ACL: 0 to 65534
Access control configuration example
Administration Department: subnet address 10.120.0.0
Financial Department: subnet address 10.110.0.0
Office of the President: 129.111.1.2
Pay query server: 129.110.1.
1 Define the work time range
Define time range from 8:00 to 18:00.
[4500]time-range 3Com 8:00 to 18:00 working-day
2 Define the ACL to access the payment server.
a Enter the numbered advanced ACL, number as 3000.
[4500]acl number 3000 match-order config
b Define the rule restricting the other departments' access to the payment server (the rule is only active during the time range 3Com).
[4500-acl-adv-3000]rule 1 deny ip source 129.110.1.2 0.0.255.255 destination 129.112.1.2 0.0.0.0 time-range 3Com
c Define the rules for the President’s Office to access the payment server.
[4500-acl-adv-3000]rule 2 permit ip source 129.111.1.2 0.0.0.0 destination 129.110.1.2 0.0.0.0
3 Activate the ACL by applying it as an inbound packet filter on the interface (the ACL defined above is 3000).
[4500]interface GigabitEthernet1/0/50
[4500-GigabitEthernet1/0/50]packet-filter inbound ip-group 3000
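The wildcard masks and rule ordering above are the part of this configuration that is easiest to get wrong: a Comware wildcard is an inverse mask (0 bits must match, 1 bits are "don't care"), so `129.110.1.2 0.0.255.255` covers every host in 129.110.0.0/16, and with `match-order config` the first matching rule wins in configuration order. The following is an added illustration, not code from the switch or from the original page: a small Python evaluator that models the basic ACL 2000 and the advanced ACL 3000 from the examples above (with its time range) and replays constructed sample packets through them. The `match-order auto` model (most specific wildcard first) and the default "permit when no rule matches" are simplifying assumptions, not verified platform behaviour.

```python
# Added example: evaluator for Comware-style numbered ACLs with wildcard masks,
# time ranges and match order. Rule semantics are modelled after the syntax quoted
# above; the fall-through default and the "auto" ordering are assumptions.
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import IPv4Address
from typing import Optional


def wildcard_match(addr: str, rule_addr: str, wildcard: str) -> bool:
    """Inverse-mask compare: every bit that is 0 in the wildcard must be equal."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(rule_addr)) & care


@dataclass
class TimeRange:
    name: str
    start_hour: int
    end_hour: int
    working_day: bool = True  # Monday..Friday only

    def active(self, when: datetime) -> bool:
        if self.working_day and when.weekday() > 4:
            return False
        return self.start_hour <= when.hour < self.end_hour


@dataclass
class Rule:
    rule_id: int
    action: str                                 # "permit" or "deny"
    protocol: str = "ip"                        # basic ACLs: no protocol keyword -> "ip"
    source: Optional[tuple] = None              # (addr, wildcard); None means "any"
    destination: Optional[tuple] = None
    time_range: Optional[TimeRange] = None

    def matches(self, pkt: dict, when: datetime) -> bool:
        if self.protocol != "ip" and pkt["protocol"] != self.protocol:
            return False
        if self.source and not wildcard_match(pkt["src"], *self.source):
            return False
        if self.destination and not wildcard_match(pkt["dst"], *self.destination):
            return False
        # A rule bound to a time range is simply inactive outside that range.
        return not (self.time_range and not self.time_range.active(when))


def _specificity(rule: Rule) -> int:
    """Number of 'don't care' bits across source and destination (lower = more specific)."""
    return sum(32 if spec is None else bin(int(IPv4Address(spec[1]))).count("1")
               for spec in (rule.source, rule.destination))


@dataclass
class Acl:
    number: int
    rules: list = field(default_factory=list)

    def evaluate(self, pkt: dict, when: datetime, match_order: str = "config") -> str:
        # "config": first match in configuration order; "auto": most specific wildcard
        # first (stable sort keeps configuration order among equally specific rules).
        rules = self.rules if match_order == "config" else sorted(self.rules, key=_specificity)
        for rule in rules:
            if rule.matches(pkt, when):
                return rule.action
        return "permit"  # assumption: no matching rule -> packet is forwarded


# Constructed timestamps: 2024-01-15 is a Monday, 2024-01-20 a Saturday.
WORKDAY_10 = datetime(2024, 1, 15, 10, 0)
WORKDAY_20 = datetime(2024, 1, 15, 20, 0)
SATURDAY_10 = datetime(2024, 1, 20, 10, 0)


def build_acl_2000() -> Acl:
    """The basic ACL from the first example: deny 30.0.0.0/8, permit everything else."""
    return Acl(2000, [Rule(0, "deny", source=("30.0.0.0", "0.255.255.255")),
                      Rule(1, "permit")])


def build_acl_3000() -> Acl:
    """The advanced ACL from the configuration example, including time range 3Com."""
    work = TimeRange("3Com", 8, 18)
    return Acl(3000, [
        Rule(1, "deny", "ip", ("129.110.1.2", "0.0.255.255"), ("129.112.1.2", "0.0.0.0"), work),
        Rule(2, "permit", "ip", ("129.111.1.2", "0.0.0.0"), ("129.110.1.2", "0.0.0.0")),
    ])


if __name__ == "__main__":
    acl = build_acl_3000()
    # Any host in 129.110.0.0/16 is caught by rule 1 during working hours only.
    pkt = {"src": "129.110.200.7", "dst": "129.112.1.2", "protocol": "tcp"}
    for when in (WORKDAY_10, WORKDAY_20, SATURDAY_10):
        print(when, acl.evaluate(pkt, when))
```

Running the script shows the same packet being denied at 10:00 on a weekday and permitted at 20:00 and on Saturday, which is the behaviour a time-range-bound deny rule produces: outside the range the rule is absent, not inverted, so traffic falls through to whatever follows. The `auto` order is worth testing separately if your platform supports it, because a later, more specific deny rule overrides an earlier `permit source any` only under that ordering.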