Topology: one DGS-3324SRI (FW 4.10-B15, Boot PROM 2.00-B04), switch management address 192.168.1.1/255.255.255.0
• VLAN 1, ports [1-8]: IP 1 192.168.1.0/24, GW1 192.168.1.1/24
• VLAN 2, ports [9-16]: IP 2 192.168.2.0/24, GW2 192.168.2.1/24, FTP server 192.168.2.2/24
• VLAN 3, ports [17-24]: IP 3 192.168.3.0/24, GW3 192.168.3.1/24
VLANs ACL solution 1:

Step 1. Set up the VLANs (default = VLAN 1, VLAN 2, VLAN 3)
config vlan default delete 1:9-1:24
create vlan v2 tag 2
config vlan v2 add untagged 1:9-1:16
create vlan v3 tag 3
config vlan v3 add untagged 1:17-1:24

Step 2. Set up the IP interfaces
config ipif System ipaddress 192.168.1.254/24
create ipif if2 192.168.2.254/24 v2 state enable
create ipif if3 192.168.3.254/24 v3 state enable

Step 3. Set up the ACL
::: profile 1: 192.168.2.2 to any, permit :::
create access_profile ip source_ip_mask 255.255.255.255 profile_id 1
config access_profile profile_id 1 add access_id auto ip source_ip 192.168.2.2 port 1-24 permit
::: profile 2: any to 192.168.2.2, permit :::
create access_profile ip destination_ip_mask 255.255.255.255 profile_id 2
config access_profile profile_id 2 add access_id auto ip destination_ip 192.168.2.2 port 1-24 permit
::: profile 3: traffic staying inside the same VLAN, permit :::
create access_profile ip source_ip_mask 255.255.255.0 destination_ip_mask 255.255.255.0 profile_id 3
config access_profile profile_id 3 add access_id auto ip source_ip 192.168.1.0 destination_ip 192.168.1.0 port 1-8 permit
config access_profile profile_id 3 add access_id auto ip source_ip 192.168.2.0 destination_ip 192.168.2.0 port 9-16 permit
config access_profile profile_id 3 add access_id auto ip source_ip 192.168.3.0 destination_ip 192.168.3.0 port 17-24 permit
::: profile 4: protect every VLAN, deny everything not matched above :::
create access_profile ip source_ip_mask 0.0.0.0 profile_id 6
config access_profile profile_id 6 add access_id auto ip source_ip 0.0.0.0 port 1-24 deny
Requirements:
• Everyone, in every VLAN, has an FTP connection to the FTP server,
• but users in VLAN 1 cannot reach users in VLAN 3,
• and users in VLAN 3 and VLAN 1 cannot reach users in VLAN 2.
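The following is an added example, not part of the original slides and not D-Link's code: a small Python model of the four access profiles above that replays the stated requirements against them. It assumes what D-Link documents for its access profiles, namely that profiles are evaluated first-match in ascending profile_id (then access_id) order and that traffic matching no profile is forwarded normally, which is exactly why the final deny-all profile 6 is needed. The host addresses (192.168.1.10, 192.168.2.50, ...) and the choice of "first port of the VLAN" as ingress port are constructed for the test.

```python
import ipaddress

# Port-to-VLAN map from the slides: VLAN 1 = ports 1-8, VLAN 2 = 9-16, VLAN 3 = 17-24
VLAN_PORTS = {
    ipaddress.ip_network("192.168.1.0/24"): range(1, 9),
    ipaddress.ip_network("192.168.2.0/24"): range(9, 17),
    ipaddress.ip_network("192.168.3.0/24"): range(17, 25),
}

FTP_SERVER = "192.168.2.2"


def rule(profile_id, src, dst, ports, action):
    """One access_id entry: src/dst are networks to match (None = don't care)."""
    return {
        "profile_id": profile_id,
        "src": ipaddress.ip_network(src) if src else None,
        "dst": ipaddress.ip_network(dst) if dst else None,
        "ports": ports,
        "action": action,
    }


# The access profiles from Step 3, in the order the switch will evaluate them.
ACL = [
    rule(1, FTP_SERVER + "/32", None, range(1, 25), "permit"),           # FTP server -> any
    rule(2, None, FTP_SERVER + "/32", range(1, 25), "permit"),           # any -> FTP server
    rule(3, "192.168.1.0/24", "192.168.1.0/24", range(1, 9), "permit"),  # intra-VLAN 1
    rule(3, "192.168.2.0/24", "192.168.2.0/24", range(9, 17), "permit"), # intra-VLAN 2
    rule(3, "192.168.3.0/24", "192.168.3.0/24", range(17, 25), "permit"),# intra-VLAN 3
    rule(6, "0.0.0.0/0", None, range(1, 25), "deny"),                   # everything else
]


def ingress_port(src_ip):
    """Constructed assumption: a host enters the switch on the first port of its VLAN."""
    addr = ipaddress.ip_address(src_ip)
    for net, ports in VLAN_PORTS.items():
        if addr in net:
            return ports[0]
    raise ValueError(f"{src_ip} is not in any configured VLAN")


def evaluate(acl, src_ip, dst_ip):
    """First-match lookup in ascending profile_id order (sorted() is stable, so
    access_id order inside a profile is preserved). Returns the matching action,
    or 'forward' when nothing matches, because unmatched traffic is switched normally."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    port = ingress_port(src_ip)
    for r in sorted(acl, key=lambda r: r["profile_id"]):
        if port not in r["ports"]:
            continue
        if r["src"] is not None and src not in r["src"]:
            continue
        if r["dst"] is not None and dst not in r["dst"]:
            continue
        return r["action"]
    return "forward"


def policy_report(acl):
    """Evaluate representative flows for each stated requirement (constructed hosts)."""
    flows = {
        "vlan1_to_ftp": ("192.168.1.10", FTP_SERVER),
        "ftp_to_vlan3": (FTP_SERVER, "192.168.3.10"),
        "vlan1_intra": ("192.168.1.10", "192.168.1.20"),
        "vlan1_to_vlan3": ("192.168.1.10", "192.168.3.10"),
        "vlan3_to_vlan2_host": ("192.168.3.10", "192.168.2.50"),
        "vlan1_to_vlan2_host": ("192.168.1.10", "192.168.2.50"),
    }
    return {name: evaluate(acl, s, d) for name, (s, d) in flows.items()}


def without_deny_all():
    """The same ACL with profile 6 removed, to show what the final deny buys."""
    return [r for r in ACL if r["profile_id"] != 6]


if __name__ == "__main__":
    for name, verdict in policy_report(ACL).items():
        print(f"{name:22s} {verdict}")
    print("vlan1_to_vlan3 without profile 6:",
          evaluate(without_deny_all(), "192.168.1.10", "192.168.3.10"))
```

Running the report shows the FTP flows and the intra-VLAN flow permitted and every cross-VLAN host flow hitting profile 6, while the variant without profile 6 reports "forward" for VLAN 1 to VLAN 3: the permit profiles alone only describe allowed traffic, and the policy is enforced solely by the deny at the highest profile_id.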