R2511-HP MSR Router Series ACL and QoS Configuration Guide(V5)
[DeviceA-acl-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.100 0
[DeviceA-acl-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work
[DeviceA-acl-adv-3000] rule deny ip source any destination 192.168.0.100 0
[DeviceA-acl-adv-3000] quit
# Enable IPv4 firewall, and apply IPv4 advanced ACL 3000 to filter outgoing packets on interface Ethernet 1/1.
[DeviceA] firewall enable
[DeviceA] interface ethernet 1/1
[DeviceA-Ethernet1/1] firewall packet-filter 3000 outbound
[DeviceA-Ethernet1/1] quit
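# The following Python sketch is an added example, not part of the HP guide. It models how the three rules of ACL 3000 decide a packet, so the rule set can be checked offline before it is applied. Assumptions: rules are matched in the order they were entered, the time range "work" (defined elsewhere in the guide) is taken to be 08:00 to 18:00 on Monday to Friday, and the source addresses and timestamps are constructed samples.

```python
import ipaddress
from datetime import datetime, time

def wc_match(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Assumption: "work" is defined elsewhere in the guide; 08:00-18:00 on
# Monday to Friday is used here for illustration only.
def work_active(now):
    return now.weekday() < 5 and time(8, 0) <= now.time() < time(18, 0)

TIME_RANGES = {"work": work_active}
ANY = ("0.0.0.0", "255.255.255.255")   # "source any"
DB = ("192.168.0.100", "0.0.0.0")      # wildcard "0" on the CLI is an exact host

# (action, source, destination, time-range) in the order entered for ACL 3000.
ACL_3000 = [
    ("permit", ("192.168.1.0", "0.0.0.255"), DB, None),
    ("permit", ("192.168.2.0", "0.0.0.255"), DB, "work"),
    ("deny",   ANY,                          DB, None),
]

def evaluate(acl, src, dst, now):
    """Return the action of the first active rule matching (src, dst), else None."""
    for action, (s, sw), (d, dw), tr in acl:
        if tr is not None and not TIME_RANGES[tr](now):
            continue  # a rule whose time range is inactive does not take effect
        if wc_match(src, s, sw) and wc_match(dst, d, dw):
            return action
    return None  # no rule in this ACL matched the packet

if __name__ == "__main__":
    wed_10am = datetime(2024, 1, 10, 10, 0)  # constructed: a Wednesday, in hours
    wed_8pm = datetime(2024, 1, 10, 20, 0)   # constructed: same day, after hours
    for src in ("192.168.1.10", "192.168.2.10", "192.168.3.10"):
        for when in (wed_10am, wed_8pm):
            print(src, when.strftime("%a %H:%M"),
                  evaluate(ACL_3000, src, "192.168.0.100", when))
```

# Outside the time range, the second rule is skipped and packets from 192.168.2.0/24 fall through to the final deny rule, so a misdefined time range fails closed for that subnet.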
Verifying the configuration
# Ping the database server from a PC in the Financial department during working hours. (All PCs in this example use Windows XP.)
C:\> ping 192.168.0.100
Pinging 192.168.0.100 with 32 bytes of data:
Reply from 192.168.0.100: bytes=32 time=1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.0.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
The output shows the database server can be pinged.
# Ping the database server from a PC in the Marketing department during working hours.
C:\> ping 192.168.0.100
Pinging 192.168.0.100 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.100:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The output shows the database server cannot be pinged.
# Display configuration and match statistics for IPv4 advanced ACL 3000 on Device A during working hours.
[DeviceA] display acl 3000
Advanced ACL 3000, named -none-, 3 rules,










