Filter
Top Products
320
Intel
®
NetStructure™ 480T Routing Switch User Guide
IP Access List Examples
This section presents two IP access list examples:
• Using the permit-establish keyword
• Filtering ICMP packets
Example 1: Using the Permit-Established
Keyword
This example uses an access list that permits TCP sessions (Telnet,
FTP, and HTTP) to be established in one direction.
The switch shown in Figure 17.1 is configured as:
• Two VLANs, NET10 VLAN and NET20 VLAN, are defined.
• The IP address for NET10 VLAN is 10.10.10.1/24.
• The IP address for NET20 VLAN is 10.10.20.1/24.
• The workstations are configured using addresses 10.10.10.100
and 10.10.20.100.
• IP Forwarding is enabled.
These sections detail the steps used to configure the example.
Step 1 – Deny IP Traffic
First, create an access-list that blocks all IP-related traffic. This
includes any TCP- and UDP-based traffic. Although ICMP is used
show access-list {<name> | ports
<portlist>}
Displays access-list information.
show access-list-fdb Displays the hardware access control list
mapping.
show access-list-monitor Refreshes the access-list statistics display.
Table 17.1: Access List Configuration Commands (continued)
Command Description