Applying a Layer-4 Bridging ACL to a Port, Notes – Cabletron Systems SMARTSWITCH ROUTER 9032578-05 User Manual

Chapter 20: Security Configuration Guide
SmartSwitch Router User Reference Manual
In the example in , to allow the consultants access to the file server for e-mail (SMTP) traffic, but not for Web (HTTP) traffic — and allow e-mail, Web, and FTP traffic between the engineers and the file server, you would create ACLs that allow only SMTP traffic on the port to which the consultants are connected and allow SMTP, HTTP, and FTP traffic on the ports to which the engineers are connected.

The following is an example:

    acl 100 permit ip any any smtp
    acl 100 deny ip any any http
    acl 200 permit any any smtp
    acl 200 permit any any http
    acl 200 permit any any ftp

ACL 100 explicitly permits SMTP traffic and denies HTTP traffic. Note that because of the implicit deny rule appended to the end of the ACL, all traffic (not just HTTP traffic) other than SMTP is denied.

ACL 200 explicitly permits SMTP, HTTP, and FTP traffic. The implicit deny rule denies any other traffic. See “Creating and Modifying ACLs” on page 264 for more information on defining ACLs.

Applying a Layer-4 Bridging ACL to a Port

Finally, you apply the ACLs to the ports in the VLAN. To do this, enter the following command in Configure Mode:

    Apply a Layer-4 bridging ACL to a port:    acl apply port

For the example in , to apply ACL 100 (which denies all traffic except SMTP) to the consultant port:

    ssr(config)# acl 100 apply port et.1.1 output

To apply ACL 200 (which denies all traffic except SMTP, HTTP, and FTP) to the engineer port:

    ssr(config)# acl 200 apply port et.1.3 output

Notes

• Layer-4 Bridging works for IP and IPX traffic only. The SSR will drop non-IP/IPX traffic on a Layer-4 Bridging VLAN. For Appletalk and DECnet packets, a warning is issued before the first packet is dropped.