Ipv4 advanced acl configuration examples, Ipv6 advanced acl configuration example, Network requirements – H3C Technologies H3C SecBlade LB Cards User Manual

34

Task Command

Remarks

Display information about the ACL
acceleration feature.

display acl accelerate { acl-number | all } [ |
{ begin | exclude | include }
regular-expression ]

Available in any view.

Display configuration and match
statistics for IPv6 basic and IPv6

advanced ACLs.

display acl ipv6 { acl6-number | all | name
acl6-name } [ | { begin | exclude | include }

regular-expression ]

Available in any view.

Display the configuration and
status of one or all time ranges.

display time-range { time-range-name | all }
[ | { begin | exclude | include }

regular-expression ]

Available in any view.

Clear statistics for one or all IPv4
basic, IPv4 advanced, and

Ethernet frame header ACLs.

reset acl counter { acl-number | all | name
acl-name }

Available in user view.

Clear statistics for one or all IPv6
basic and advanced ACLs.

reset acl ipv6 counter { acl6-number | all |
name acl6-name }

Available in user view.

IPv4 advanced ACL configuration examples

IPv4 ACLs are usually used together with NAT. For IPv4 ACL configuration examples, see Network

Management Configuration Guide.

IPv6 advanced ACL configuration example

Network requirements

A company interconnects its departments through LB. Configure an ACL to do the following:

•

Permit access from the President's office at any time to the financial database server.

•

Permit access from the Financial department to the database server only during working hours (from

8:00 to 18:00) on working days.

•

Deny access from any other department to the database server.

Figure 19 Network diagram

President office

1001::/16

Financial department

1002::/16

Marketing department

1003::/16

LB

GE0/1

GE0/4

GE0/2

GE0/3

Financial database server

1000::100/16