HP 6125XLG R2306-HP 6125XLG Blade Switch ACL and QoS Configuration Guide - Page 18

Figure 1 Network diagram Financial database server 192.168.0.100/24 TGE 1/0/1 Device A President's office 192.168.1.0/24 Financial department 192.168.2.0/24 Marketing department 192.168.3.0/24 Configuration procedure # Create a periodic time range from 8:00 to 18:00 on working days. system-view [DeviceA] time-range work 08:00 to 18:00 working-day # Create an IPv4 advanced ACL numbered 3000 and configure three rules in the ACL. One rule permits access from the President's office to the financial database server, one rule permits access from the Financial department to the database server during working hours, and one rule denies access from any other department to the database server. [DeviceA] acl number 3000 [DeviceA-acl-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.100 0 [DeviceA-acl-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work [DeviceA-acl-adv-3000] rule deny ip source any destination 192.168.0.100 0 [DeviceA-acl-adv-3000] quit # Apply IPv4 advanced ACL 3000 to filter outgoing packets on interface TwentyGigE 1/0/1. [DeviceA] interface TwentyGigE 1/0/1 [DeviceA-TwentyGigE1/0/1] packet-filter 3000 outbound [DeviceA-TwentyGigE1/0/1] quit Verifying the configuration # Ping the database server from a PC in the Financial department during the working hours. (All PCs in this example use Windows XP). C:\> ping 192.168.0.100 Pinging 192.168.0.100 with 32 bytes of data: Reply from 192.168.0.100: bytes=32 time=1ms TTL=255 12