Extreme Networks 200 Series Switch User Manual

Open as PDF

of 338

116 Summit 200 Series Switch Installation and User Guide

Access Policies

Routing Access Policies

Routing access policies are used to control the advertisement or recognition of routing protocols, such as

RIP or OSPF. Routing access policies can be used to ‘hide’ entire networks, or to trust only specific

sources for routes or ranges of routes. The capabilities of routing access policies are specific to the type

of routing protocol involved, but are sometimes more efficient and easier to implement than access lists.

Using Access Control Lists

Each access control list consists of an access mask that selects which fields of each incoming packet to

examine, and a list of values to compare with the values found in the packet. Access masks can be

shared multiple access control lists, using different lists of values to examine packets. The following

sections describe how to use access control lists.

Access Masks

There are between twelve and fourteen access masks available in the Summit 200 series switch,

depending on which features are enabled on the switch. Each access mask is created with a unique

name and defines a list of fields that will be examined by any access control list that uses that mask

(and by any rate limit that uses the mask).

An access mask consists of a combination of the following thirteen fields:

• Ethernet destination MAC address

• Ethernet source MAC address

• VLANid

• IP Type of Service (TOS) or DiffServ code point

• Ethertype

• IP protocol

• IP destination address and netmask

• Layer 4 destination port

• IP source address and netmask

• Layer 4 source port, or ICMP type and/or ICMP code

• TCP session initiation bits (permit-established keyword)

• Egress port

• Ingress ports

An access mask can also have an optional, unique precedence number associated with it.

Access Lists

Each entry that makes up an access list contains a unique name and specifies a previously created

access mask. The access list also includes a list of values to compare with the incoming packets, and an

action to take for packets that match. When you create an access list, you must specify a value for each

of the fields that make up the access mask used by the list.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Extreme Networks 200 Series Switch User Manual