QTECH QSW-3400 Configuration Guide User Manual

+7(495) 797-3311 www.qtech.ru
Moscow, Novozavodskaya St., 18, bldg. 1

not allowed to access the outside network at any time, for security reasons. The following policies are then configured:

Set the policy VACL_A for the technical department: outside working hours they can access the outside network (the rule is permit); at other times the rule is deny. The policy is applied to Vlan1.

Set the ACL policy VACL_B for the finance department: at no time can they access the outside network, but they can access the inside network without limitation. The policy is applied to Vlan2.

The network environment is shown below:

[Figure: VLAN-ACL configuration example]

Configuration example:

1. First, configure a time range whose valid period is the working hours of working days:
Switch(config)#time-range t1
Switch(config-time-range-t1)#periodic weekdays 9:00:00 to 12:00:00
Switch(config-time-range-t1)#periodic weekdays 13:00:00 to 18:00:00

2. Configure the extended IP ACL acl_a; during working hours it only allows access to resources within the internal network (such as 192.168.0.255).

Switch(config)# ip access-list extended vacl_a
Switch(config-ip-ext-nacl-vacl_a)# permit ip any-source 192.168.0.0 0.0.0.255 time-range t1
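
The following Python sketch is an added example, not part of the manual or the switch software: it models when the time-ranged permit rule above can match, which makes the 12:00 to 13:00 gap between the two periodic entries of t1 visible. The function names, the inclusive window boundaries and the "rule is skipped while its time range is inactive" behaviour are assumptions; the sample traffic is constructed.

```python
from datetime import datetime, time
from ipaddress import IPv4Address

# time-range t1 from step 1: two periodic weekday windows
T1 = [(time(9, 0), time(12, 0)), (time(13, 0), time(18, 0))]

def t1_active(when: datetime) -> bool:
    """True when `when` falls inside t1 (Mon-Fri, within either window).
    Assumption: window end points are treated as inclusive."""
    if when.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
        return False
    return any(start <= when.time() <= end for start, end in T1)

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """ACL wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care

def vacl_a_permit_applies(dst: str, when: datetime) -> bool:
    """Does 'permit ip any-source 192.168.0.0 0.0.0.255 time-range t1' match?
    Assumption: a time-ranged rule is skipped while its range is inactive,
    so the packet falls through to whatever rule or default follows."""
    return t1_active(when) and wildcard_match(dst, "192.168.0.0", "0.0.0.255")

# Constructed sample traffic: (destination address, timestamp)
SAMPLES = [
    ("192.168.0.10", datetime(2024, 1, 8, 10, 0)),   # Monday morning
    ("192.168.0.10", datetime(2024, 1, 8, 12, 30)),  # Monday, gap in t1
    ("192.168.1.10", datetime(2024, 1, 8, 10, 0)),   # outside 192.168.0.0/24
    ("192.168.0.10", datetime(2024, 1, 13, 10, 0)),  # Saturday
]

if __name__ == "__main__":
    for dst, when in SAMPLES:
        verdict = "permit matches" if vacl_a_permit_applies(dst, when) else "no match"
        print(f"{when:%a %H:%M} -> {dst:<13} {verdict}")
```

Running the same kind of check against the switch's own clock and ACL counters confirms whether traffic during the midday gap is handled by the rule you intended.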