No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
S600-E V200R019C10 Web-based Configuration Guide

This document describes how to configure and maintain devices through the web NMS client, including device status statistics, SVF, interface, Ethernet switching, IP service, IP routing, security, ACL, AAA, system management, QoS, diagnosis service, and EasyDeploy.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Using Advanced ACLs to Restrict Mutual Access Between Network Segments

Example for Using Advanced ACLs to Restrict Mutual Access Between Network Segments

Networking Requirements

As shown in Figure 9-66, the departments of an enterprise are connected through a switch. To facilitate network management, the administrator allocates IP addresses of different network segments to the R&D and marketing departments. In addition, the administrator adds the two departments to different VLANs for broadcast domain isolation. For information security purposes, the enterprise requires that the switch prevent user hosts on different network segments from communicating with each other.

Figure 9-66 Using advanced ACLs to restrict mutual access between network segments



Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure VLANs and configure IP addresses for VLANIF interfaces.
  2. Configure advanced ACLs.
  3. Apply the ACLs to enable the device to filter user packets based on the source and destination IP addresses, thereby restricting mutual access between users on different network segments.

Procedure

  1. Add interfaces to VLANs and assign IP addresses to the VLANIF interfaces.
    1. Choose Configuration > Basic Services > VLAN to access the VLAN page.
    2. Click Create. The Create VLAN dialog box is displayed.

      • Enter 10 in the VLAN ID text box.
      • Select Create VLANIF, enter 10.1.1.1 in the IPv4 address text box, and set Mask to 24.
      • Click Add Interface and then Select Interface, select GigabitEthernet0/0/1.
      • Click OK, as shown in Figure 9-67.

      Figure 9-67 Create VLAN 10

    3. Configure VLAN 20. The configuration method is similar to that of VLAN 10. Table 9-3 lists the involved configuration items.

      Table 9-3 VLAN list

      VLAN ID

      IP Address

      Subnet Mask

      Interface Name

      20

      10.1.2.1

      255.255.255.0

      GigabitEthernet0/0/2

  2. Configure ACLs.
    1. Choose Configuration > Security Services > ACL Config to access the ACL Config page.
    2. Click Create. In the Create ACL dialog box, set ACL number to 3001 and click OK, as shown in Figure 9-68.

      Figure 9-68 Creating ACL 3001

    3. Click Add Rule on the right of ACL 3001. In the Add Rule dialog box, set Action, Protocol type, Source IP, Destination IP and Wildcard, and click OK, as shown in Figure 9-69.

      Figure 9-69 Configuring ACL 3001

    4. Create and configure ACL 3002 in the same way based on Figure 9-70.

      Figure 9-70 Configuring ACL 3002

  3. Apply the ACLs.
    1. Choose Configuration > Security Services > ACL Reference > Interface ACL to access the Interface ACL page.
    2. Set Interface name. Click New next to Inbound interface ACL number, and select ACLs, as shown in Figure 9-71 and Figure 9-72. Click Apply to apply the ACLs.

      The traffic from the marketing department to the R&D department enters the switch through GE0/0/2, and the traffic from the R&D department to the marketing department enters the switch through GE0/0/1. Therefore, apply the corresponding ACL to the inbound direction on the two interfaces.

      Figure 9-71 Applying ACL 3001
      Figure 9-72 Applying ACL 3002

Result

  1. Choose Configuration > Security Services > ACL Config to view ACL information, as shown in Figure 9-73 and Figure 9-74.
    Figure 9-73 ACL 3001 configuration
    Figure 9-74 ACL 3002 configuration
  2. Choose Configuration > Security Services > ACL Reference > Interface ACL. Click GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to view the ACLs applied on these interfaces, as shown in Figure 9-71 and Figure 9-72.

  3. The two network segments where the R&D and marketing departments reside cannot access each other.

Translation
简体中文
Download
Updated: 2022-05-20

Document ID: EDOC1100127213

Views: 35243

Downloads: 14

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :