Support User Manuals

D-Link DES-7200 Refrigerator User Manual

Open as PDF

of 1968

DES-7200 Configuration Guide Chapter 1 Access Control List

Configuration

1-31

! Permit all other IP packets

SwitchA(config-ext-nacl)#permit ip any any

SwitchA(config-ext-nacl)#exit

Step 2: Apply ACL "Virus_Defence" to the router-connecting interface of core switch

SwitchA(config)#interface gigabitEthernet 2/1

SwitchA(config-if)#no switchport

SwitchA(config-if)#ip address 192.168.5.1 255.255.255.0

! Apply ACL "Virus_Defence" to the in direction of G2/1 to block virus packets

from external network

SwitchA(config-if)#ip access-group Virus_Defence in

SwitchA(config-if)#exit

Step 3: Define the ACL of "access_server" to only permit Intranet PCs to access the

server

SwitchA(config)#ip access-list extended access_server

! Only permit Intranet PCs to access the server (IP address being

192.168.4.100).

SwitchA(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 host 192.168.4.100

SwitchA(config-ext-nacl)#permit ip 192.168.1.0 0.0.0.255 host 192.168.4.100

SwitchA(config-ext-nacl)#permit ip 192.168.3.0 0.0.0.255 host 192.168.4.100

SwitchA(config-ext-nacl)#deny ip any any

Step 4: Apply ACL "access_server" to the interface connecting with convergence

switch and server

SwitchA(config)#interface gigabitEthernet 2/2

SwitchA(config-if)#switch mode trunk

! Apply to the in direction on the interface of convergence switch

SwitchA(config-if)#ip access-group access_server in

SwitchA(config-if)#exit

! Create VLAN

SwitchA(config)#vlan 2

SwitchA(config-vlan)#exit

SwitchA(config)#interface gigabitEthernet 2/48

! The server-connecting interface of G2/48 belongs to vlan2

SwitchA(config-if)#switch access vlan 2

SwitchA(config-if)#exit

! Apply to the in direction of server-connecting interface

SwitchA(config)#interface vlan 2

SwitchA(config-if-VLAN 2)# ip access-group access_server in

SwitchA(config-if-VLAN 2)# ip address 192.168.4.2 255.255.255.0

SwitchA(config-ext-nacl)#end

 Configure the convergence switch: SwitchB

Step 1: Create vlan2-4

SwitchB#configure terminal

! Create vlan2-4

SwitchB(config)#vlan range 2-4

SwitchB(config-vlan-range)#exit

previous next