User Manual

Layer-4 Bridging and Filtering
424 Enterasys X-Pedition User Reference Manual
Creating ACLs to Specify Selection Criteria for Layer-4 Bridging
Access control lists (ACLs) specify the kind of filtering to be done for Layer-4 Bridging.
In the example in Figure 30 on page 422, to allow the consultants access to the file server for e-mail
(SMTP) traffic but not for Web (HTTP) traffic, and to allow e-mail, Web, and FTP traffic between
the engineers and the file server, you would create ACLs that allow only SMTP traffic on the port
to which the consultants are connected and allow SMTP, HTTP, and FTP traffic on the ports to
which the engineers are connected.
The following is an example:

    acl 100 permit ip any any smtp
    acl 100 deny ip any any http
    acl 200 permit ip any any smtp
    acl 200 permit ip any any http
    acl 200 permit ip any any ftp

ACL 100 explicitly permits SMTP traffic and denies HTTP traffic. Note that because of the
implicit deny rule appended to the end of the ACL, all traffic (not just HTTP traffic) other than
SMTP is denied.
ACL 200 explicitly permits SMTP, HTTP, and FTP traffic. The implicit deny rule denies any other
traffic. See Creating ACLs on page 374 for more information on defining ACLs.
Applying a Layer-4 Bridging ACL to a Port
Finally, you apply the ACLs to the ports in the VLAN. To do this, enter the following command in
Configure Mode:

    Apply a Layer-4 bridging ACL to a port    acl <name> apply port <port-list>

For the example in Figure 30 on page 422, to apply ACL 100 (which denies all traffic except
SMTP) to the consultant port:

    xp(config)# acl 100 apply port et.1.1 output

To apply ACL 200 (which denies all traffic except SMTP, HTTP, and FTP) to the engineer port:

    xp(config)# acl 200 apply port et.1.3 output
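To make the first-match and implicit-deny behaviour described for ACL 100 and ACL 200 concrete, here is an added simulation of how such an ACL is evaluated; it is example code written for this page, not part of the X-Pedition software or manual. It assumes a simplified rule grammar, acl <name> permit|deny ip <src> <dst> <service>, where the service keyword names the destination port, and uses constructed host addresses.

```python
from collections import namedtuple

# Well-known ports for the service keywords the manual's ACLs use.
SERVICES = {"smtp": 25, "http": 80, "ftp": 21}

# One ACL entry; action is "permit" or "deny", src/dst are "any" or an IP.
Rule = namedtuple("Rule", "acl action src dst port")

def parse_acls(config):
    """Parse 'acl <name> permit|deny ip <src> <dst> <service>' lines,
    keeping configuration order, since evaluation is first-match."""
    acls = {}
    for line in config.splitlines():
        parts = line.split()
        if not parts or parts[0] != "acl":
            continue  # blank line or not an ACL rule
        _, name, action, proto, src, dst, svc = parts
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError("unsupported rule: %r" % line)
        port = SERVICES[svc] if svc in SERVICES else int(svc)
        acls.setdefault(name, []).append(Rule(name, action, src, dst, port))
    return acls

def evaluate(rules, src, dst, port):
    """Return (action, matched_rule). The first matching entry decides; a
    flow matching nothing hits the implicit deny (matched_rule is None)."""
    for rule in rules:
        if rule.src in ("any", src) and rule.dst in ("any", dst) \
                and rule.port == port:
            return rule.action, rule
    return "deny", None  # the implicit deny the switch appends to every ACL

# Constructed config reproducing the manual's ACL 100 / ACL 200 example.
CONFIG = """
acl 100 permit ip any any smtp
acl 100 deny ip any any http
acl 200 permit ip any any smtp
acl 200 permit ip any any http
acl 200 permit ip any any ftp
"""
ACLS = parse_acls(CONFIG)

def decide(acl_name, src, dst, service):
    """Evaluate one flow (by service name) against a named ACL."""
    return evaluate(ACLS[acl_name], src, dst, SERVICES[service])

if __name__ == "__main__":
    # FTP from a consultant: no explicit rule, so the implicit deny applies.
    print(decide("100", "10.1.1.10", "10.1.1.1", "ftp"))  # ('deny', None)
```

Running it shows that the explicit "deny ip any any http" line in ACL 100 is redundant: HTTP would be dropped by the implicit deny anyway, exactly as FTP is.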