AR500, AR510, and AR530 V200R007 CLI-based Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including transparent bridging, the MAC table, link aggregation, VLANs, and STP/RSTP/MSTP. It provides configuration procedures and configuration examples to illustrate the service configuration methods and application scenarios.
Using a Traffic Policy to Implement Inter-VLAN Access Control

As shown in Figure 3-17, to ensure communication security, a company divides its network into a visitor area, an employee area, and a server area, and assigns VLAN 10, VLAN 20, and VLAN 30 to these areas respectively. The company has the following requirements:
  • Employees, visitors, and servers can access the Internet.
  • Visitors cannot communicate with employees and can access only Server_1 in the server area.
Figure 3-17  Using a traffic policy to implement inter-VLAN access control
After the central router (Router) is configured with VLANIF 10, VLANIF 20, VLANIF 30, and VLANIF 100 and a route to Router_0, employees, visitors, and servers can access the Internet and communicate with each other. To control the access rights of visitors, configure a traffic policy on the central router and define the following rules:
  • ACL rule 1: denies the packets sent from the IP network segment of visitors to the IP network segment of employees.
  • ACL rule 2: permits the packets from the IP network segment of visitors to the IP address of Server_1, and denies the packets from the IP network segment of visitors to the IP network segment of servers.
  • ACL rule 3: denies the packets from the IP network segment of employees to the IP segment of visitors.
  • ACL rule 4: denies the packets from the IP network segment of servers to the IP segment of visitors.

Apply the traffic policy to the inbound and outbound directions of the central router interface connected to the visitor area. Visitors can then access only Server_1 in the server area and cannot communicate with employees.
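
The following added example (not part of the Huawei guide) models the four rules as ordered, stateless, first-match lists and checks them against the requirements above, including what happens if the permit for Server_1 is placed after the deny for the server segment. The subnets, the Server_1 address, the split of rules 1-2 to the inbound direction and rules 3-4 to the outbound direction, and the forwarding of unmatched traffic are assumptions; the page gives no addresses.

```python
# Added example: stateless first-match model of the four ACL rules above.
# All addresses are constructed for illustration; the page gives none.
from ipaddress import ip_address, ip_network

VISITORS = ip_network("10.1.10.0/24")   # VLAN 10 (assumed subnet)
EMPLOYEES = ip_network("10.1.20.0/24")  # VLAN 20 (assumed subnet)
SERVERS = ip_network("10.1.30.0/24")    # VLAN 30 (assumed subnet)
SERVER_1 = ip_network("10.1.30.2/32")   # Server_1 (assumed address)

# (label, action, source, destination), evaluated top to bottom.
INBOUND = [  # packets arriving from the visitor area
    ("rule 1", "deny", VISITORS, EMPLOYEES),
    ("rule 2a", "permit", VISITORS, SERVER_1),
    ("rule 2b", "deny", VISITORS, SERVERS),
]
OUTBOUND = [  # packets leaving toward the visitor area
    ("rule 3", "deny", EMPLOYEES, VISITORS),
    ("rule 4", "deny", SERVERS, VISITORS),
]

def evaluate(rules, src, dst):
    """Return (action, label) of the first matching rule.
    Unmatched traffic is forwarded (assumption of this model)."""
    s, d = ip_address(src), ip_address(dst)
    for label, action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action, label
    return "permit", "no match"

def shadowed(rules):
    """List (rule, earlier_rule) pairs where an earlier rule with the
    opposite action fully covers a later one, so the later never applies."""
    hits = []
    for i, (label, action, src_net, dst_net) in enumerate(rules):
        for prev_label, prev_action, p_src, p_dst in rules[:i]:
            if (action != prev_action and src_net.subnet_of(p_src)
                    and dst_net.subnet_of(p_dst)):
                hits.append((label, prev_label))
    return hits

if __name__ == "__main__":
    for dst in ("10.1.20.5", "10.1.30.2", "10.1.30.9", "203.0.113.7"):
        print("visitor ->", dst, evaluate(INBOUND, "10.1.10.5", dst))
    swapped = [INBOUND[0], INBOUND[2], INBOUND[1]]  # 2b placed before 2a
    print("shadowed after swap:", shadowed(swapped))
```

In this stateless model, rule 4 as worded also matches replies from Server_1 to visitors (`evaluate(OUTBOUND, "10.1.30.2", "10.1.10.5")` returns a deny), so confirm on the device how return traffic from Server_1 is handled.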

Updated: 2019-05-25

Document ID: EDOC1000097279