R2511-HP MSR Router Series ACL and QoS Configuration Guide(V5)
15
ACL's step is 5
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.100 0
rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work
(4 times matched) (Active)
rule 10 deny ip destination 192.168.0.100 0 (4 times matched)
The output shows rule 5 is active. Rule 5 and rule 10 have been matched four times as the result of the
ping operations.
IPv6 advanced ACL configuration example
Network requirements
A company interconnects its departments through Device A. Configure an ACL to do the following:
• Permit access from the President's office at any time to the financial database server.
• Permit access from the Financial department to the database server only during working hours (from
8:00 to 18:00) on working days.
• Deny access from any other department to the database server.
Figure 2 Network diagram
Configuration procedure
# Create a periodic time range from 8:00 to 18:00 on working days.
<DeviceA> system-view
[DeviceA] time-range work 8:0 to 18:0 working-day
# Create an IPv6 advanced ACL numbered 3000 and configure three rules in the ACL. One rule permits
access from the President's office to the database server, one rule permits access from the Financial
department to the database server during working hours, and one rule denies access from other
departments to the database server.
[DeviceA] acl ipv6 number 3000
[DeviceA-acl6-adv-3000] rule permit ipv6 source 1001:: 16 destination 1000::100 128
[DeviceA-acl6-adv-3000] rule permit ipv6 source 1002:: 16 destination 1000::100 128
time-range work
[DeviceA-acl6-adv-3000] rule deny ipv6 source any destination 1000::100 128