Filter
Top Products
SmartSwitch Router User Reference Manual 285
Chapter 20: Security Configuration Guide
Note:
If the consultant’s MAC is detected on a different port, all of its traffic will be
blocked.
Example 2 : Secure Ports
Source secure port: To block all engineers on port 1 from accessing all other ports, enter
the following command:
To allow ONLY the engineering manager access to the engineering servers, you must
"punch" a hole through the secure-port wall. A "source static-entry" overrides a "source
secure port".
Destination secure port: To block access to all file servers on all ports from port et.1.1 use
the following command:
To allow all engineers access to the engineering servers, you must "punch" a hole through
the secure-port wall. A "dest static-entry" overrides a "dest secure port".
Layer-3 Access Control Lists (ACLs)
Access Control Lists (ACLs) allow you to restrict Layer-3/4 traffic going through the SSR.
Each ACL consists of one or more rules describing a particular type of IP or IPX traffic. An
ACL can be simple, consisting of only one rule, or complicated with many rules. Each rule
tells the router to either permit or deny the packet that matches the rule's packet
description.
For information about defining and using ACLs on the SSR, see “Access Control List
Configuration Guide” on page 259.
filters add secure-port name engineers direction source vlan 1
in-port-list et.1.1
filters add static-entry name eng-mgr source-mac 080060:123456 vlan 1
in-port-list et.1.1 out-port-list et.1.2 restriction allow
filters add secure-port name engineers direction dest vlan 1
in-port-list et.1.1
filters add static-entry name eng-server dest-mac 080060:abcdef vlan 1
in-port-list et.1.1 out-port-list et.1.2 restriction allow