1 / 4

Product : DGS-3324SRI FW: 4.10-B15 Boot PROM: 2.00-B04

SW: 192.168.1.1/255.255.255.0. Product : DGS-3324SRI FW: 4.10-B15 Boot PROM: 2.00-B04. VLAN 3 Ports [17 24] IP 3  192.168.3.0/24 GW3 192.168.3.1/24. VLAN 1 Ports [1 8] IP 1  192.168.1.0/24 GW1 192.168.1.1/24. VLAN 2 Ports [9 16] IP 2  192.168.2.0/24

juliep
Download Presentation

Product : DGS-3324SRI FW: 4.10-B15 Boot PROM: 2.00-B04

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SW: 192.168.1.1/255.255.255.0 • Product: DGS-3324SRI • FW: 4.10-B15 • Boot PROM: 2.00-B04 • VLAN 3 • Ports [1724] • IP 3  192.168.3.0/24 • GW3 192.168.3.1/24 • VLAN 1 • Ports [18] • IP 1  192.168.1.0/24 • GW1 192.168.1.1/24 • VLAN 2 • Ports [916] • IP 2  192.168.2.0/24 • GW2 192.168.2.1/24 • FTP Server • IPS: 192.168.2.2/24

  2. VLANs ACL solution 1: Step1. set the VLAN(default=VLAN1, VLAN2, VLAN3) config vlan default delete 1:9-1:24create vlan v2 tag 2config vlan v2 add untagged 1:9-1:16create vlan v3 tag 3config vlan v3 add untagged 1:17-1:24 Step2. set ipifconfig ipif System ipaddress 192.168.1.254/24create ipif if2 192.168.2.254/24 v2 state enablecreate ipif if3 192.168.3.254/24 v3 state enableStep3. set ACL command :::profile 1. 192.168.2.2 to Any permit::: create access_profile ip source_ip_mask 255.255.255.255 profile_id 1config access_profile profile_id 1 add access_id auto ip source_ip 192.168.2.2 port 1-24 permit :::profile 2. Any to 192.168.2.2 permit::: create access_profile ip dest 255.255.255.255 profile_id 2config access_profile profile_id 2 add access_id auto ip destination_ip 192.168.2.2 port 1-24 permit :::profile 3. inside same interface permit ::: create access_profile ip sour 255.255.255.0 dest 255.255.255.0 profile_id 3config access_profile profile_id 3 add access_id auto ip sour 192.168.1.0 dest 192.168.1.0 port 1-8 permitconfig access_profile profile_id 3 add access_id auto ip sour 192.168.2.0 dest 192.168.2.0 port 9-16 permitconfig access_profile profile_id 3 add access_id auto ip sour 192.168.3.0 dest 192.168.3.0 port 17-24 permit :::profile 4.Protection any VLAN::: create access_profile ip source_ip_mask 0.0.0.0 profile_id 6config access_profile profile_id 6 add access_id auto ip sour 0.0.0.0 port 1-24 deny

  3. VLANs ACL solution 2:

  4. Everyone, in Every VLAN have a ftp connexion via the FTP Server, • But • Users in VLAN 1 can’t have access to users in VLAN 3 • And , • Users in VLAN 3 & VLAN1 can’t have access to users in VLAN 2

More Related