Configuration procedure, Verifying the configuration – H3C Technologies H3C SecPath F1000-E User Manual
Page 32
22
Figure 16 Network diagram
Configuration procedure
# Create a periodic time range from 8:00 to 18:00 on working days.
[SecPath] time-range work 8:0 to 18:0 working-day
# Create an IPv6 advanced ACL numbered 3000 and configure three rules in the ACL. One rule permits
access from the President’s office to the financial database server, one rule permits access from the
Financial department to the database server during working hours, and one rule denies access from any
other department to the database server.
[SecPath] acl ipv6 number 3000
[SecPath-acl6-adv-3000] rule permit ipv6 source 1001:: 16 destination 1000::100 128
[SecPath-acl6-adv-3000] rule permit ipv6 source 1002:: 16 destination 1000::100 128
time-range work
[SecPath-acl6-adv-3000] rule deny ipv6 source any destination 1000::100 128
[SecPath-acl6-adv-3000] quit
# Enable IPv6 firewall, and apply IPv6 ACL 3000 to filter outgoing packets on interface GigabitEthernet
0/1.
[SecPath] firewall ipv6 enable
[SecPath] interface GigabitEthernet 0/1
[SecPath-GigabitEthernet0/1] firewall packet-filter ipv6 3000 outbound
[SecPath-GigabitEthernet0/1] quit
Verifying the configuration
# Ping the database server from a PC in the Financial department during the working hours. (All PCs in
this example use Windows XP).
C:\> ping 1000::100
Pinging 1000::100 with 32 bytes of data:
Reply from 1000::100: time<1ms
Reply from 1000::100: time<1ms
Reply from 1000::100: time<1ms
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS