Managing Device/User Access rights using Basic ACLs on Huawei Devices
- May 30, 2024
- Posted by: Lyfey Technologies
- Categories: Huawei, Networking
This lab demonstrates how to configure basic ACLs on Huawei devices.
Configurations Steps
Step 1: Configure IP addresses and hostnames on CE01 and CE02.
******************************CE01
sys
#
sysname CE01
#
interface GigabitEthernet0/0/0
ip address 10.10.10.1 255.255.255.0
#
commit******************************CE02
sys
#
sysname CE02
#
interface GigabitEthernet0/0/0
ip address 20.20.20.1 255.255.255.0
#
commitStep 2: Configure the hostname on PE01. Create two VPN instances and bind them on interfaces connecting CE routers. Assign IP addresses to interfaces connecting CEs.
*****************************PE01
#
sysname PE02
#
ip vpn-instance VPN-A
ipv4-family
route-distinguisher 100:1
vpn-target 100:100 export-extcommunity
vpn-target 100:100 import-extcommunity
#
ip vpn-instance VPN-B
ipv4-family
route-distinguisher 200:1
vpn-target 200:200 export-extcommunity
vpn-target 200:200 import-extcommunity
#
interface GigabitEthernet0/0/0
ip binding vpn-instance VPN-A
ip address 10.10.10.254 255.255.255.0
#
interface GigabitEthernet0/0/1
ip binding vpn-instance VPN-B
ip address 20.20.20.254 255.255.255.0
#Step 3: Configure ACLs on PE01 to allow users in VPN-A and deny users in VPN-B.
**************************PE01
#
acl name CONTROL_ACCESS number 2000
rule 5 permit vpn-instance VPN-A
rule 10 deny vpn-instance VPN-B
#Step 4: Apply the ACL in Telnet services on the PE.
*********************PE01
#
user-interface con 0
user-interface vty 0 4
acl 2000 inbound
set authentication password cipher Huawei_123
user-interface vty 16 20
#Step 5: Verify the configuration by trying to use Telnet from CE01 and CE02 to PE01.
As shown above, we can telnet from CE01 to PE01 but we cannot telnet from CE02 to PE01 because our ACL allows access from users in VPN-A and denies access from users in VPN-B.
Thank you for reading our articles. Leave your comments below and subscribe to our Youtube channel for more content on networking: Lyfey Technologies Channel
Latest Posts
- VXLAN (intra-subnet communication) Implementation on Huawei switches.
- Implementing BGP confederation on Huawei routers.
- Implementing GRE over IPsec (ISAKMP mode) on Huawei routers.
- Implementing Internet Protocol Security (IPsec) ISAKMP mode on Huawei routers.
- Implementing Internet Protocol Security (IPsec) manual mode on Huawei routers.