D-Link DES-7200 Refrigerator User Manual


DES-7200 Configuration Guide Chapter 1 Access Control List Configuration
The access switch (SwitchC), which connects the PCs of the respective departments, is
connected to the convergence switch through a 1000M optical fiber cable (trunk mode).
The convergence switch (SwitchB) assigns one VLAN to each department and is
connected to the core switch through a 10G optical fiber cable (trunk mode).
The core switch (SwitchA) is connected to multiple servers, such as FTP and HTTP
servers, and is connected to the Internet through a firewall.
1.12.2.2 Application Requirements
The Intranet ACL scenario above mainly involves the following requirements:
1. Internet viruses are almost everywhere. The various vulnerable ports must be blocked
in order to guarantee Intranet security.
2. Only internal PCs can access the servers. External PCs are not allowed to
access the servers.
3. PCs outside the finance department cannot access PCs of the finance department;
PCs outside the development department cannot access PCs of the development
department.
4. Staff of the development department cannot use QQ, MSN and other IM
applications during working hours (namely 9:00-18:00).
1.12.2.3 Configuration Tips
1. Viruses can be kept out by configuring an extended ACL on the
router-connecting port (G2/1) of the core switch (SwitchA) to filter packets destined
for the relevant ports.
2. To allow internal PCs to access the servers while denying external PCs,
define an IP extended ACL and apply it to the ports (G2/2, SVI2) of the core
switch (SwitchA) that connect to the convergence switch and the servers.
3. To prevent specific departments from accessing each other, define an IP
extended ACL and apply it to G0/22 and G0/23 of SwitchB.
4. A time & IP based extended ACL can prevent the development
department from using QQ/MSN and other IM applications during a specific
period (apply the time & IP based extended ACL to SVI2 of SwitchB).
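The first-match and time-range behaviour that tips 3 and 4 rely on, as an added Python model (not code from the guide and not DES-7200 CLI), useful for checking rule order against the requirements before configuring the switch. The subnets, the IM port and the exclusive 18:00 end are constructed assumptions; only the 9:00-18:00 window comes from the requirements.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed addressing and port for illustration; none of it is from the guide.
FINANCE = ip_network("192.168.2.0/24")
DEVELOP = ip_network("192.168.3.0/24")
ANY = ip_network("0.0.0.0/0")
IM_PORT = 8000  # placeholder for an IM service port
WORK_HOURS = (time(9, 0), time(18, 0))  # requirement 4: 9:00-18:00

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches any protocol
    src: object                     # source network
    dst: object                     # destination network
    dport: Optional[int] = None     # None matches any destination port
    hours: Optional[Tuple[time, time]] = None  # None = always active

    def matches(self, proto, src, dst, dport, now):
        if self.hours and not (self.hours[0] <= now < self.hours[1]):
            return False            # rule is inactive outside its time range
        if self.proto not in ("ip", proto):
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return ip_address(src) in self.src and ip_address(dst) in self.dst

def evaluate(acl, proto, src, dst, dport, now):
    """First matching rule wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.matches(proto, src, dst, dport, now):
            return rule.action
    return "deny"

# Tip 4: time & IP based ACL for traffic coming from the development VLAN.
DEV_IN = [
    Rule("deny", "udp", DEVELOP, ANY, IM_PORT, WORK_HOURS),
    Rule("permit", "ip", ANY, ANY),
]
# Tip 3: only finance sources may reach finance PCs; other traffic passes.
TO_FINANCE = [
    Rule("permit", "ip", FINANCE, FINANCE),
    Rule("deny", "ip", ANY, FINANCE),
    Rule("permit", "ip", ANY, ANY),
]
```

Without the trailing permit in each list, the implicit deny would drop all other traffic, which is the usual cause of an outage after a deny-only ACL is applied.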
1.12.2.4 Configuration Steps
Configure the core switch: SwitchA
Step 1: Define the virus-blocking ACL of "Virus_Defence"