Cabletron Systems SmartSwitch Router User Manual (9032578-05): Applying a Layer-4 Bridging ACL to a Port; Notes

Chapter 20: Security Configuration Guide
SmartSwitch Router User Reference Manual, page 288

In the example in Figure 25 on page 286, to allow the consultants access to the file server for e-mail (SMTP) traffic but not for Web (HTTP) traffic, and to allow e-mail, Web, and FTP traffic between the engineers and the file server, you would create ACLs that allow only SMTP traffic on the port to which the consultants are connected and allow SMTP, HTTP, and FTP traffic on the ports to which the engineers are connected.

The following is an example:

acl 100 permit ip any any smtp
acl 100 deny ip any any http

acl 200 permit any any smtp
acl 200 permit any any http
acl 200 permit any any ftp

ACL 100 explicitly permits SMTP traffic and denies HTTP traffic. Note that because of the implicit deny rule appended to the end of the ACL, all traffic (not just HTTP traffic) other than SMTP is denied.

ACL 200 explicitly permits SMTP, HTTP, and FTP traffic. The implicit deny rule denies any other traffic. See "Creating and Modifying ACLs" on page 264 for more information on defining ACLs.

Applying a Layer-4 Bridging ACL to a Port

Finally, you apply the ACLs to the ports in the VLAN. To do this, enter the following command in Configure Mode:

Apply a Layer-4 bridging ACL to a port:    acl <acl-number> apply port <port> output

For the example in Figure 25 on page 286, to apply ACL 100 (which denies all traffic except SMTP) to the consultant port:

ssr(config)# acl 100 apply port et.1.1 output

To apply ACL 200 (which denies all traffic except SMTP, HTTP, and FTP) to the engineer port:

ssr(config)# acl 200 apply port et.1.3 output

Notes

Layer-4 Bridging works for IP and IPX traffic only. The SSR will drop non-IP/IPX traffic on a Layer-4 Bridging VLAN. For AppleTalk and DECnet packets, a warning is issued before the first packet is dropped.
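As an added example (not from the manual and not SSR code), the following Python model shows how ACL 100 and ACL 200 behave under first-match evaluation with the implicit deny at the end of each list: ACL 100 drops FTP even though only HTTP is explicitly denied. The service-to-port mapping, the port bindings, and the sample packets are constructed for illustration.

```python
# Added example: a minimal evaluator for the page's Layer-4 bridging ACLs.
# Rules are checked in order; the first match wins; no match falls through
# to the implicit deny that the SSR appends to every ACL.
from dataclasses import dataclass

# Constructed mapping of the service keywords used in the ACLs to TCP ports.
SERVICES = {"smtp": 25, "http": 80, "ftp": 21}


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    service: str  # service keyword matched against the packet's destination port


# The two ACLs from the page as ordered rule lists. The implicit deny is
# deliberately not listed here; evaluate() supplies it.
ACLS = {
    100: [Rule("permit", "smtp"), Rule("deny", "http")],
    200: [Rule("permit", "smtp"), Rule("permit", "http"), Rule("permit", "ftp")],
}

# Constructed port bindings mirroring "acl 100 apply port et.1.1 output" and
# "acl 200 apply port et.1.3 output" from the page.
PORT_ACL = {"et.1.1": 100, "et.1.3": 200}


def evaluate(acl_id: int, dst_port: int) -> tuple[str, str]:
    """Return (action, reason) for traffic to dst_port under the given ACL."""
    for rule in ACLS[acl_id]:
        if SERVICES[rule.service] == dst_port:
            return rule.action, f"explicit {rule.action} {rule.service}"
    return "deny", "implicit deny"  # nothing matched: the appended deny fires


def filter_on_port(port: str, dst_port: int) -> tuple[str, str]:
    """Apply whatever ACL is bound to a port; an unbound port filters nothing."""
    acl_id = PORT_ACL.get(port)
    if acl_id is None:
        return "permit", "no ACL applied"
    return evaluate(acl_id, dst_port)


if __name__ == "__main__":
    samples = [("et.1.1", "smtp"), ("et.1.1", "http"), ("et.1.1", "ftp"),
               ("et.1.3", "ftp"), ("et.1.3", "smtp")]
    for port, svc in samples:
        action, reason = filter_on_port(port, SERVICES[svc])
        print(f"{port} {svc:4} -> {action:6} ({reason})")
```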