
Layer-4 Bridging and Filtering
308 Enterasys Xpedition User Reference Manual
Creating ACLs to Specify Selection Criteria for Layer-4 Bridging
Access control lists (ACLs) specify the kind of filtering to be done for Layer-4 Bridging.
In the example in Figure 26 on page 306, to allow the consultants access to the file server
for e-mail (SMTP) traffic, but not for Web (HTTP) traffic — and allow e-mail, Web, and
FTP traffic between the engineers and the file server, you would create ACLs that allow
only SMTP traffic on the port to which the consultants are connected and allow SMTP,
HTTP, and FTP traffic on the ports to which the engineers are connected.
The following is an example:

    acl 100 permit ip any any smtp
    acl 100 deny ip any any http
    acl 200 permit any any smtp
    acl 200 permit any any http
    acl 200 permit any any ftp

ACL 100 explicitly permits SMTP traffic and denies HTTP traffic. Note that because of the
implicit deny rule appended to the end of the ACL, all traffic (not just HTTP traffic) other
than SMTP is denied.
ACL 200 explicitly permits SMTP, HTTP, and FTP traffic. The implicit deny rule denies
any other traffic. See Creating and Modifying ACLs on page 284 for more information on
defining ACLs.
Applying a Layer-4 Bridging ACL to a Port
Finally, you apply the ACLs to the ports in the VLAN. To do this, enter the following
command in Configure Mode:

    Apply a Layer-4 bridging ACL to a port:    acl <name> apply port <port-list>

For the example in Figure 26 on page 306, to apply ACL 100 (which denies all traffic
except SMTP) to the consultant port:

    ssr(config)# acl 100 apply port et.1.1 output

To apply ACL 200 (which denies all traffic except SMTP, HTTP, and FTP) to the engineer
port:

    ssr(config)# acl 200 apply port et.1.3 output
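As an added illustration that is not part of the Enterasys manual, the following Python model evaluates the ACL 100 and ACL 200 rules from this section the way the text describes them: rules are checked in the order they were entered, the first match wins, and anything that matches no rule falls to the implicit deny appended to every ACL. It makes visible why the explicit "deny ... http" line in ACL 100 is redundant (FTP and every other non-SMTP service are denied by the implicit rule anyway). The packet addresses, the "tcp" protocol value and the choice to treat the ACL 200 lines that omit the protocol keyword as "ip" are assumptions of this model, not switch behaviour taken from the page.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    acl: str
    action: str     # "permit" or "deny"
    protocol: str   # "ip" matches every protocol in this model
    src: str        # "any" or an address string
    dst: str        # "any" or an address string
    service: str    # "any" or a service name such as "smtp"


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    service: str


def parse_acl_line(line: str) -> Rule:
    """Parse one 'acl <name> permit|deny [protocol] <src> <dst> <service>' line.

    The ACL 200 lines in the manual omit the protocol keyword; this parser
    treats a missing protocol as 'ip' (an assumption of this model).
    """
    tokens = line.split()
    if len(tokens) not in (6, 7) or tokens[0] != "acl" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unrecognised ACL line: {line!r}")
    name, action = tokens[1], tokens[2]
    if len(tokens) == 7:
        protocol, src, dst, service = tokens[3:7]
    else:
        protocol = "ip"
        src, dst, service = tokens[3:6]
    return Rule(name, action, protocol, src, dst, service)


def load_acl(lines: List[str], name: str) -> List[Rule]:
    """Return the rules belonging to one ACL, in the order they were entered."""
    return [rule for rule in map(parse_acl_line, lines) if rule.acl == name]


def _field_matches(rule_value: str, packet_value: str) -> bool:
    return rule_value == "any" or rule_value == packet_value


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    protocol_ok = rule.protocol == "ip" or rule.protocol == pkt.protocol
    return (protocol_ok
            and _field_matches(rule.src, pkt.src)
            and _field_matches(rule.dst, pkt.dst)
            and _field_matches(rule.service, pkt.service))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[Rule]]:
    """First matching rule wins. A packet that matches no rule is denied by the
    implicit deny the switch appends to every ACL; that case returns rule=None
    so a caller can tell an explicit deny from the implicit one."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule
    return "deny", None


# The five ACL lines exactly as they appear in the manual's example.
ACL_LINES = [
    "acl 100 permit ip any any smtp",
    "acl 100 deny ip any any http",
    "acl 200 permit any any smtp",
    "acl 200 permit any any http",
    "acl 200 permit any any ftp",
]
ACL_100 = load_acl(ACL_LINES, "100")
ACL_200 = load_acl(ACL_LINES, "200")

# Constructed sample addresses for a client-to-file-server flow (not from the page).
CLIENT, FILE_SERVER = "10.0.0.5", "10.0.1.1"


def decide(rules: List[Rule], service: str) -> Tuple[str, Optional[Rule]]:
    """Evaluate a constructed TCP packet from CLIENT to FILE_SERVER for one service."""
    return evaluate(rules, Packet("tcp", CLIENT, FILE_SERVER, service))


if __name__ == "__main__":
    for name, rules in (("ACL 100", ACL_100), ("ACL 200", ACL_200)):
        for service in ("smtp", "http", "ftp", "telnet"):
            action, rule = decide(rules, service)
            why = "implicit deny" if rule is None else f"rule '{rule.action} ... {rule.service}'"
            print(f"{name} {service:6s} -> {action:6s} ({why})")
```

Running the block prints one line per ACL and service; the "implicit deny" annotations on the FTP and Telnet rows for ACL 100 are the behaviour the text warns about, and removing the "deny ... http" line from ACL 100 leaves every decision unchanged except that HTTP then reports the implicit rule instead of the explicit one.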