05-Web configuration examples (AC+fit AP)

24-IPv4 ACL-Based Packet Filter Configuration Example

H3C Access Controllers

Comware 7 IPv4 ACL-Based Packet Filter Configuration Example

Copyright © 2022 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.



Overview

The following information provides an example for configuring packet filtering with an IPv4 ACL.

Prerequisites

The following information applies to Comware 7-based access controllers. Procedures and information in the examples might be slightly different depending on the software or hardware version of the H3C access controllers.

The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

The following information is provided based on the assumption that you have basic knowledge of packet filtering.

Example: Configuring an IPv4 ACL-based packet filter

Network configuration

A company interconnects its departments through the AC. Configure a packet filter to:

·     Permit access from the President's office at any time to the financial database server.

·     Permit access from the Financial department to the database server only during working hours (from 8:00 to 18:00) on working days.

·     Deny access from any other department to the database server.

Figure 1 Network diagram

 

Procedures

1.     Click the System View tab at the bottom of the page.

2.     From the navigation pane, select System > Resource.

3.     Click the Add button to add an IPv4 ACL.

a.     Select Advanced.

b.     Enter ACL number 3000.

c.     Click Apply.

Figure 2 Adding an IPv4 ACL

 

4.     In the dialog box that opens, add three ACL rules.

○     Add the first ACL rule:

-     Enter IP protocol 256.

-     Enter the source IP address and mask 192.168.1.0/0.0.0.255 and the destination IP address and mask 192.168.0.100/0.0.0.0 as the match criteria.

-     Click Apply.

Figure 3 Adding the first ACL rule

 

○     Add a time range.

-     From the navigation pane, select System > Resource.

-     On the Time Range tab, click the Add button to add a periodic time range.

-     Enter name work.

-     Enter start time 08:00 and end time 18:00.

-     Select Monday through Friday.

-     Click Apply.

Figure 4 Adding a time range

 

○     Add a second ACL rule:

-     Enter IP protocol 256.

-     Enter the source IP address and mask 192.168.2.0/0.0.0.255 and the destination IP address and mask 192.168.0.100/0.0.0.0 as the match criteria.

-     Select time range work.

-     Click Apply.

Figure 5 Adding a second ACL rule

 

○     Add a third ACL rule:

-     Enter IP protocol 256.

-     Select Deny.

-     Enter the destination IP address and mask 192.168.0.100/0.0.0.0 as the match criterion.

-     Click Apply.

Figure 6 Adding a third ACL rule

 

5.     From the navigation pane, select Network Security > Packet Filter.

6.     On the Interface tab, click the Add button to add a packet filter for an interface.

7.     In the dialog box that opens, configure the following settings:

a.     Select interface GE1/0/1.

b.     Select the Outgoing direction.

c.     Select IPv4 ACL.

d.     Select ACL 3000.

e.     Enable Hardware counting.

f.     Click Apply.

Figure 7 Configuring a packet filter

 

Verifying the configuration

1.     Verify that the President's office can ping the financial database server at any time.

2.     Verify that the Financial department can ping the financial database server during working hours (from 8:00 to 18:00) on working days.

3.     Verify that the Marketing department cannot ping the financial database server at any time.
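
The expected verification results follow from the rule order, the wildcard masks, and the work time range. The following Python model of ACL 3000 is an added example, not H3C code, and shows which rule decides each case. Assumptions: rules are evaluated in the order they were added with the first active match winning, a rule whose time range is inactive is skipped, the end time 18:00 is exclusive, and the Marketing address 192.168.3.30 is constructed because the page does not give that subnet.

```python
import ipaddress
from datetime import datetime, time

def wildcard_match(addr, base, wildcard):
    """Wildcard mask as entered on the page: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def in_work(ts):
    """Time range 'work': Monday-Friday, 08:00-18:00 (end exclusive: assumption)."""
    return ts.weekday() < 5 and time(8, 0) <= ts.time() < time(18, 0)

ANY = ("0.0.0.0", "255.255.255.255")
SERVER = ("192.168.0.100", "0.0.0.0")

# ACL 3000, rules in the order they are added in step 4.
ACL_3000 = [
    ("permit", ("192.168.1.0", "0.0.0.255"), SERVER, None),     # President's office
    ("permit", ("192.168.2.0", "0.0.0.255"), SERVER, in_work),  # Financial department
    ("deny", ANY, SERVER, None),                                # everyone else
]

def evaluate(acl, src, dst, ts):
    """Return (action, rule index) for the first active rule that matches,
    or ("no-match", None) when the packet matches no rule in the ACL."""
    for index, (action, rule_src, rule_dst, time_range) in enumerate(acl):
        if time_range is not None and not time_range(ts):
            continue  # assumption: a rule outside its time range is skipped
        if wildcard_match(src, *rule_src) and wildcard_match(dst, *rule_dst):
            return action, index
    return "no-match", None

if __name__ == "__main__":
    wed_day = datetime(2022, 1, 5, 10, 0)    # Wednesday, inside 'work'
    wed_night = datetime(2022, 1, 5, 20, 0)  # Wednesday, outside 'work'
    samples = [                              # constructed test packets
        ("192.168.1.10", wed_night), ("192.168.2.20", wed_day),
        ("192.168.2.20", wed_night), ("192.168.3.30", wed_day),
    ]
    for src, ts in samples:
        print(src, ts, evaluate(ACL_3000, src, "192.168.0.100", ts))
```

A packet to any destination other than 192.168.0.100 returns no-match; what the device does with it depends on the packet filter's default action, which this page does not configure.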

Related documentation

H3C Access Controllers Web-Based Configuration Guide
