3com 3.01.01 用户手册
214
C
HAPTER
7: Q
O
S/ACL O
PERATION
Figure 1 Networking for advanced ACL configuration
Only the commands concerning ACL configuration are listed here.
1 Define the time range from 8:00 to 18:00.
[SW8800]time-range 3com 8:00 to 18:00 working-day
2 Define inbound traffic to the wage server.
Create a name-based advanced ACL "traffic-of-payserver" and enter it.
[SW8800]acl name traffic-of-payserver advanced
Define ACL rule for other departments.
[SW8800-acl-adv-traffic-of-payserver]rule 1 deny ip source any
destination 129.110.1.2 0.0.0.0 time-range 3com
Define an ACL rule for CEO's office.
[SW8800-acl-adv-traffic-of-payserver]rule 2 permit ip source
129.111.1.2 0.0.0.0 destination 129.110.1.2 0.0.0.0
3 Activate the ACL "traffic-of-payserver".
[SW8800-GigabitEthernet2/1/1]packet-filter inbound ip-group
traffic-of-payserver
Basic ACL Configuration
Example
With proper basic ACL configuration, during the time range from 8:00 to 18:00
everyday the switch filters the packets from the host with source IP 10.1.1.1 (the
host is connected through the port GigabitEthernet2/1/1 to the switch.)
everyday the switch filters the packets from the host with source IP 10.1.1.1 (the
host is connected through the port GigabitEthernet2/1/1 to the switch.)
Administrative Dept
Financial Dept
President's office
129.111.1.2
Wage server
129.110.1.2
Switch
#1
#4
#3
#2
To router