Vlan-acl, Onfiguration, Xample – QTECH QSW-2800 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

347

49.3 VLAN-ACL Configuration

Example

A company’s network configuration is as follows, all departments are divided by different

VLANs, technique department is Vlan1, finance department is Vlan2. It is required that

technique department can access the outside network at timeout, but finance department are

not allowed to access the outside network at any time for the security. Then the following

policies are configured:

Set the policy VACL_A for technique department. At timeout they can access the outside

network, the rule as permit, but other times the rule as deny, and the policy is applied to Vlan1.

Set the policy VACL_B of ACL for finance department. At any time they can not access the

outside network, but can access the inside network with no limitation, and apply the policy to

Vlan2.

Network environment is shown as below:

VLAN-ACL configuration example

Configuration example:

1) First, configure a timerange, the valid time is the working hours of working day:

Switch(config)#time-range t1

Switch(config-time-range-t1)#periodic weekdays 9:00:00 to 12:00:00

Switch(config-time-range-t1)#periodic weekdays 13:00:00 to 18:00:00

2) Configure the extended acl_a of IP, at working hours it only allows to access the resource

within the internal network (such as 192.168.0.255).