Configure Hybrid Extended ACL Example

Network Requirements

  • PC1, PC2, and PC3 are connected to IP Network via Device.
  • Configure a Hybrid extended ACL rule so that PC1 can access IP Network within the specified time range, while PC2 and PC3 cannot access IP Network.

Network Topology

Figure 15-5 Networking of configuring Hybrid extended ACL

Configuration Steps

Step 1: Configure the link type of VLAN and port on Device.

#Create VLAN.

Device#configure terminal
Device(config)#vlan 2
Device(config-vlan2)#exit

#Configure the link type of port gigabitethernet0/1 as Access, permitting the services of VLAN2 to pass.

Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#switchport mode access
Device(config-if-gigabitethernet0/1)#switchport access vlan 2
Device(config-if-gigabitethernet0/1)#exit

Step 2: Configure the corresponding VLAN interface and IP address on Device. (Omitted)

Step 3: Configure the time domain.

#Configure the time domain “time-range-work” on Device, with a range of 08:00 to 18:00 every day.

Device(config)#time-range time-range-work
Device(config-time-range)#periodic daily 08:00 to 18:00
Device(config-time-range)#exit

#View the current system time on Device.

Device#show clock  
 
UTC FRI APR 05 15:26:31 2013 

#View the information of the defined time domain “time-range-work” on Device.

Device#show time-range time-range-work
Timerange name:time-range-work (STATE:active) 
  10 periodic daily 08:00 to 18:00 (active) 

Step 4: Configure the Hybrid extended ACL list.

#Configure the Hybrid extended ACL with serial number 5001 on Device.

Device(config)#hybrid access-list extended 5001

#Configure the rule, permitting PC1 to access IP Network within the defined time domain “time-range-work”.

Device(config-hybrid-nacl)#permit ip any host 0001.0001.0001 time-range time-range-work

#Configure the rule, preventing the segment 131.44.0.0/16 from accessing IP Network.

Device(config-hybrid-nacl)#deny ip 131.44.0.0 0.0.255.255 any

#Configure the rule, permitting all packets from IP Network to pass Device.

Device(config-hybrid-nacl)#permit ip any any

#Submit the configured rules.

Device(config-hybrid-nacl)#commit
Device(config-hybrid-nacl)#exit

#View the information of the ACL with serial number 5001 on Device.

Device#show hybrid access-list 5001
hybrid access-list extended 5001 
  
 10 permit ip any host 0001.0001.0001 time-range time-range-work (active) 
 20 deny ip 131.44.0.0 0.0.255.255 any 
 30 permit ip any any  

Step 5: Configure applying Hybrid extended ACL.

#Apply the Hybrid extended ACL with serial number 5001 globally in the ingress direction.

Device(config)#global hybrid access-group 5001 in

#View the information of the ACL applied globally on Device.

Device#show acl-object global  
 
-------Global------Bind------Instance Global
----Direction----AclType-----AclName 
global                  IN     HYBRID  5001  

Step 6: Check the result.

#PC1 can access IP Network from 08:00 to 18:00 every day; PC2 and PC3 cannot access IP Network.
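
The following is an added example, not part of the original page or the vendor's software: a small Python model of how rules 10, 20 and 30 of ACL 5001 decide a packet, useful for checking the expected result in Step 6. It assumes first-match evaluation, that a rule whose time range is inactive is skipped, and that the MAC in rule 10 is the source MAC; the PC addresses are constructed because the topology figure is not available.

```python
# Added example, not vendor code: first-match evaluation of ACL 5001.
# Assumptions: first matching rule wins; a rule with an inactive time-range is
# skipped; the MAC in rule 10 is the source MAC; PC addresses are constructed.
import ipaddress
from datetime import time

WORK = (time(8, 0), time(18, 0))  # periodic daily 08:00 to 18:00

# (seq, action, src_ip, wildcard, src_mac, time_range), mirroring rules 10/20/30
RULES = [
    (10, "permit", None, None, "0001.0001.0001", WORK),
    (20, "deny", "131.44.0.0", "0.0.255.255", None, None),
    (30, "permit", None, None, None, None),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: 1 bits are ignored, 0 bits must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(src_ip, src_mac, now):
    """Return (action, seq) of the first rule matching the packet at `now`."""
    for seq, action, base, wildcard, mac, window in RULES:
        if window and not (window[0] <= now <= window[1]):
            continue  # time-range inactive, rule takes no part
        if base and not wildcard_match(src_ip, base, wildcard):
            continue
        if mac and mac != src_mac.lower():
            continue
        return action, seq
    return "deny", None  # assumed default; unreachable here because of rule 30

if __name__ == "__main__":
    # Constructed hosts: PC1 and PC2 sit in 131.44.0.0/16, "other" does not.
    samples = [
        ("PC1 15:26", "131.44.1.1", "0001.0001.0001", time(15, 26)),
        ("PC1 20:00", "131.44.1.1", "0001.0001.0001", time(20, 0)),
        ("PC2 15:26", "131.44.2.2", "0002.0002.0002", time(15, 26)),
        ("other 15:26", "10.0.0.5", "0003.0003.0003", time(15, 26)),
    ]
    for label, ip, mac, now in samples:
        print(label, evaluate(ip, mac, now))
```

In this model rule 10 matches on the source MAC alone, so the source IP plays no part while the time range is active. Outside 08:00 to 18:00, PC1 is denied by rule 20 only if its address lies inside 131.44.0.0/16; any host outside that segment reaches rule 30 and is permitted.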