DES-7200 Configuration Guide Chapter 1 Access Control List Configuration
SwitchC
Step 1: Configure expert ACL
SwitchC#configure terminal
! In configuration mode, create an expert ACL named "tongdao1"
SwitchC(config)#expert access-list extended tongdao1
! Permit all IP packets with source IP falling within the network segment of 172.18.0.0
SwitchC(config-exp-dacl)#permit ip 172.18.0.0 0.0.255.255 any any any
! Permit all packets with UDP port numbers 67 (Bootstrap Protocol Server) and 68 (Bootstrap Protocol Client)
SwitchC(config-exp-dacl)#permit udp any any eq bootpc any any eq bootps
SwitchC(config-exp-dacl)#exit
Step 2: Globally configure the ACL for secure tunnel application
! Configure ACL "tongdao1" for secure tunnel application
SwitchC(config)#security global access-group tongdao1
1.12.3.5 Verifications
Step 1: Verify whether the ACE entries are correct. The key points are whether the
precedence order of the entries is correct and whether the entries are effective.
SwitchB# show access-lists
expert access-list advanced tongdao
10 permit 0806 FFFF 24 AC12 FFFF 40
20 permit 0800 FFFF 24 AC12 FFFF 38
30 permit 11 FF 35 00440043 FFFFFFFF 46
SwitchC# show access-lists
expert access-list extended tongdao1
10 permit ip 172.18.0.0 0.0.255.255 any any any
20 permit udp any any eq bootpc any any eq bootps
Execute the above command to verify whether the corresponding ACE entries are
correct.
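The hexadecimal entries that SwitchB displays can be checked against sample traffic offline. The Python model below is an added example, not part of the original guide or of the switch software: it assumes each ACE is a list of (value, mask, byte offset) triples that must all match, and that offsets count from a frame layout with the EtherType at byte 24 and the Layer 3 header at byte 26, which is what the three entries above imply. The helper names and the frames are constructed for illustration.

```python
# Added example: model of the advanced-ACL entries shown for SwitchB.
# Assumptions: an ACE is "permit" plus (hex value, hex mask, byte offset) triples
# that must all match; EtherType is at byte 24, the Layer 3 header at byte 26.
import struct

ACES = """\
10 permit 0806 FFFF 24 AC12 FFFF 40
20 permit 0800 FFFF 24 AC12 FFFF 38
30 permit 11 FF 35 00440043 FFFFFFFF 46"""

def parse_aces(text):
    """Return [(seq, action, [(value, mask, offset, width), ...])] by sequence."""
    aces = []
    for line in text.splitlines():
        seq, action, *f = line.split()
        triples = [(int(f[i], 16), int(f[i + 1], 16), int(f[i + 2]), len(f[i]) // 2)
                   for i in range(0, len(f), 3)]
        aces.append((int(seq), action, triples))
    return sorted(aces)

def first_match(aces, frame):
    """Sequence number of the first matching ACE, or None (no entry matches)."""
    for seq, _action, triples in aces:
        if all(len(frame) >= off + n and
               (int.from_bytes(frame[off:off + n], "big") & mask) == (value & mask)
               for value, mask, off, n in triples):
            return seq
    return None

def ip_bytes(dotted):
    return bytes(int(p) for p in dotted.split("."))

def frame(ethertype, payload):
    """Constructed frame: 24 zero bytes stand in for the fields before EtherType."""
    return bytes(24) + struct.pack("!H", ethertype) + payload

def ipv4(src, proto, l4=b"", options=b""):
    """Constructed IPv4 header (checksum 0, destination 0.0.0.0) plus payload."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 4 * ihl + len(l4), 0, 0,
                       64, proto, 0, ip_bytes(src), bytes(4)) + options + l4

def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)

def arp(sender_ip):
    """Constructed ARP request body; MAC fields and target IP are zeroed."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes(6) +
            ip_bytes(sender_ip) + bytes(10))
```

In this model a UDP packet from port 68 to port 67 whose IPv4 header carries options does not match entry 30, because the port bytes move past the fixed offset 46.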
Step 2: Verify whether the ACL configurations are complete. The key point is whether the
correct ACL has been applied in global configuration mode:
SwitchB#show run
!
expert access-list advanced tongdao
!
security global access-group tongdao
!
!
SwitchC#show run
!
expert access-list extended tongdao1
!