Riverstone Networks WICT1-12 Network Router User Manual


20-8 Riverstone Networks RS Switch Router User Guide Release 8.0
IP Policy Configuration Examples IP Policy-Based Forwarding Configuration
20.2.3 Authenticating Users through a Firewall
You can define an IP policy that authenticates packets from certain users via a firewall before they are allowed onto the network.
If, for some reason, the firewall is not responding, the packets that were to be authenticated are dropped rather than forwarded.
Figure 20-3 illustrates this kind of configuration.
Figure 20-3 Using an IP policy to authenticate users through a firewall
Packets from users defined in the “contractors” group are sent through a firewall. If the firewall cannot be reached,
packets from the contractors group are dropped. Packets from users defined in the “full-timers” group do not have to
go through the firewall.
The following is the IP policy configuration for the Policy Router in Figure 20-3:
interface create ip mls0 address-netmask 10.50.1.1/16 port et.1.1
acl contractors permit ip 10.50.1.0/24 any any any 0
acl full-timers permit ip 10.50.2.0/24 any any any 0
ip-policy access permit acl contractors next-hop-list 11.1.1.1 action policy-only
ip-policy access permit acl full-timers next-hop-list 12.1.1.1 action policy-first
ip-policy access apply interface mls0
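The following is an added illustration, not part of the Riverstone guide: a small Python model that parses the ACL and ip-policy lines above and works out what the Policy Router does with a packet when the firewall next hop is up or down. The drop on policy-only with an unreachable next hop is what this section states; the fall-back to the normal routing table for policy-first is assumed from the contrast the section draws and is marked as such in the code.

```python
import ipaddress

# Constructed copy of the Policy Router configuration shown in this section.
CONFIG = """
acl contractors permit ip 10.50.1.0/24 any any any 0
acl full-timers permit ip 10.50.2.0/24 any any any 0
ip-policy access permit acl contractors next-hop-list 11.1.1.1 action policy-only
ip-policy access permit acl full-timers next-hop-list 12.1.1.1 action policy-first
"""


def parse_config(text):
    """Return ({acl name: source prefix}, [(acl name, next hop, action), ...])."""
    acls, rules = {}, []
    for line in text.strip().splitlines():
        f = line.split()
        if f[0] == "acl" and f[2] == "permit":
            acls[f[1]] = ipaddress.ip_network(f[4])   # source prefix of the ACL
        elif f[0] == "ip-policy" and f[2] == "permit":
            rules.append((f[4], f[6], f[8]))          # acl, next hop, action
    return acls, rules


def forwarding_decision(src_ip, acls, rules, reachable):
    """Decide how the Policy Router handles a packet from src_ip.

    reachable: set of next-hop addresses currently answering (firewall up/down).
    Returns "next-hop <ip>", "drop", or "routing-table".  The "routing-table"
    result for policy-first is an assumed fallback; the section only states
    the drop that policy-only produces when the firewall is unreachable.
    """
    src = ipaddress.ip_address(src_ip)
    for acl_name, next_hop, action in rules:       # first matching policy wins
        if src in acls[acl_name]:
            if next_hop in reachable:
                return f"next-hop {next_hop}"
            return "drop" if action == "policy-only" else "routing-table"
    return "routing-table"                          # no policy match: normal routing


if __name__ == "__main__":
    acls, rules = parse_config(CONFIG)
    for host, up in (("10.50.1.7", {"11.1.1.1", "12.1.1.1"}), ("10.50.1.7", {"12.1.1.1"})):
        print(host, "firewall up" if "11.1.1.1" in up else "firewall down",
              "->", forwarding_decision(host, acls, rules, up))
```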
[Figure 20-3 labels: Policy Router; contractors 10.50.1.0/24; full-timers 10.50.2.0/24; Firewall; Router; Servers; next hops 11.1.1.1 and 12.1.1.1]