Users Manual of XGS-6350-24X4C
During the connection period, the same two port numbers are used. A mail packet arriving from the Internet has
destination port 25. The outgoing packet has the port numbers reversed. In fact, the security system
behind the routing switch always receives mail on port 25. That is exactly why the incoming
service and the outgoing service can be individually controlled. The access list can be configured for either the
outgoing service or the incoming service.
In the following case, the Ethernet is a Class B network with the address 130.20.0.0. The address of the mail
host is 130.20.1.2. The keyword established is used only for the TCP protocol and indicates that a connection
has been created. If a TCP packet has the ACK or RST bit set, a match occurs, meaning that the packet belongs to
an existing connection.
ip access-list aaa
permit tcp any 130.20.0.0 255.255.0.0 established
permit tcp any 130.20.1.2 255.255.255.255 eq 25
interface vlan 10
ip access-group aaa in
43.4.3 Configuring IP Access List Based on Physical Port
43.4.3.1 Filtering IP Message
43.4.3.2 Filtering IP Message
Filtering messages helps control the movement of packets in the network. This control can limit network
transmission and network usage by a certain user or device. To permit or deny packets crossing a
designated interface, our routing switch provides the access list. The access list can be used in
the following modes:
Controlling packet transmission on the interface
Controlling virtual terminal line access
Limiting route update content
The section describes how to create IP access lists and how to use them.
The IP access list is an ordered set of permit/deny conditions applied to IP addresses. The ROS
software of our switch tests the address against the conditions in the access list one by one. The first match
determines whether the ROS accepts or declines the address. After the first match, the ROS software
stops checking the remaining conditions. The order of the conditions is, therefore, important. If no condition
matches, the address is declined.
To use the access list, follow these steps:
(1) Create the access list by designating the access list name and conditions.
(2) Apply the access list to the interface.
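The first-match evaluation described above, applied to list aaa from the earlier mail example, as an added Python example (not part of the manual or of the switch software). The packet dictionaries, function names and sample packets are assumptions made for illustration; the model covers protocol, destination address, destination port and the established keyword only.

```python
# Added example: models list "aaa" from this manual; not vendor code.
import ipaddress

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP header flag bits

# Rules in configured order: (action, proto, dst network, dst port, established)
ACL_AAA = [
    ("permit", "tcp", ipaddress.ip_network("130.20.0.0/255.255.0.0"), None, True),
    ("permit", "tcp", ipaddress.ip_network("130.20.1.2/255.255.255.255"), 25, False),
]

def rule_matches(rule, pkt):
    _, proto, dst_net, dst_port, established = rule
    if pkt["proto"] != proto:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in dst_net:
        return False
    if dst_port is not None and pkt["dport"] != dst_port:
        return False
    # "established" inspects header bits only (ACK or RST set);
    # this model, like the rule, keeps no connection table.
    if established and not pkt["flags"] & (ACK | RST):
        return False
    return True

def evaluate(acl, pkt):
    """Return (action, rule_index); the first matching rule decides."""
    for index, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule[0], index
    return "deny", None  # no condition matched: the packet is declined

def make_pkt(dst, dport, flags, proto="tcp"):
    return {"proto": proto, "dst": dst, "dport": dport, "flags": flags}

# Constructed sample packets arriving inbound on interface vlan 10
SAMPLES = {
    "new SMTP connection to mail host": make_pkt("130.20.1.2", 25, SYN),
    "reply on an existing connection": make_pkt("130.20.7.9", 40000, ACK),
    "new connection to another host": make_pkt("130.20.7.9", 80, SYN),
    "new non-SMTP connection to mail host": make_pkt("130.20.1.2", 23, SYN),
    "UDP datagram to mail host": make_pkt("130.20.1.2", 53, 0, proto="udp"),
}

if __name__ == "__main__":
    for name, packet in SAMPLES.items():
        print(f"{name:38s} -> {evaluate(ACL_AAA, packet)}")
```
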
43.4.3.3 Creating Standard and Extended IP Access Lists
Use a character string to create an IP access list.










