Support User Manuals

D-Link DES-7200 Refrigerator User Manual

Open as PDF

of 1968

DES-7200 Configuration Guide Chapter 1 Access Control List

Configuration

1-29

The access switch (SwitchC) connecting PCs of respective departments is connected

to the convergence switch through 1000M optical fiber cable (trunk mode).

The convergence switch (SwitchB) assigns one VLAN for each department and is

connected to the core switch through 10G optical fiber cable (trunk mode).

The core switch (SwitchA) is connected with multiple servers, such as FTP, HTTP

server and etc, and is connected to Internet through firewall.

1.12.2.2 Application Requirements

The above scenario of Intranet ACL application mainly involves the following needs:

1. Internet viruses are almost everywhere. Various vulnerable ports must be blocked

in order to guarantee Intranet security.

2. Only the internal PCs can access the servers. External PCs are not allowed to

access the servers.

3. PCs other than the finance department cannot access PCs of finance department;

PCs other than the development department cannot access PCs of development

department.

4. QQ, MSN and other IM applications cannot be used by the staff of development

department during working hours (namely 9:00-18:00).

1.12.2.3 Configuration Tips

1. The viruses can be avoided by configuring extended ACL on the

router-connecting port (G2/1) of core switch (SwitchA) to filter packets destined

for relevant ports.

2. As for the requirement that internal PCs can access the servers while external

PCs are not allowed to access these servers, we can define the IP extended ACL

and apply to ports (G2/2, SVI2) of the core switch (SwitchA) that connect with

the convergence switch and server.

3. As for the requirement that specific departments cannot access each other, we

can define the IP extended ACL (apply IP extended ACL to G0/22 and G0/23 of

Switch B).

4. Configuring time & IP based extended ACL can prevent development

departments from suing QQ/MSN and other IM application during a specific

period (applying time & IP based extended ACL to SVI2 of SwitchB).

1.12.2.4 Configuration Steps

 Configure the core switch: SwitchA

Step 1: Define the virus-blocking ACL of "Virus_Defence"

previous next