Riverstone Networks WICT1-12 Network Router User Manual
25-12 Riverstone Networks RS Switch Router User Guide Release 8.0
Layer-3 Access Control Lists (ACLs) Security Configuration
To allow ONLY the engineering manager access to the engineering servers, you must "punch" a hole through the secure-port wall. A "source static-entry" overrides a "source secure port".

    filters add static-entry name eng-mgr source-mac 080060:123456 vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow

Destination secure port: To block access to all file servers on all ports from port et.1.1, use the following command:

    filters add secure-port name engineers direction dest vlan 1 in-port-list et.1.1

To allow all engineers access to the engineering servers, you must "punch" a hole through the secure-port wall. A "dest static-entry" overrides a "dest secure port".

    filters add static-entry name eng-server dest-mac 080060:abcdef vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow

25.3 LAYER-3 ACCESS CONTROL LISTS (ACLS)
Access Control Lists (ACLs) allow you to restrict Layer-3/4 traffic going through the RS. Each ACL consists of one or more rules describing a particular type of IP or IPX traffic. An ACL can be simple, consisting of only one rule, or complicated with many rules. Each rule tells the router to either permit or deny the packet that matches the rule's packet description.
For information about defining and using ACLs on the RS, see Chapter 24, "Access Control List Configuration."

25.4 LAYER-4 BRIDGING AND FILTERING
Layer-4 bridging is the RS's ability to use layer-3/4 information to perform filtering or QoS during bridging. As described in Section 25.2, "Layer-2 Security Filters," above, you can configure ports to filter traffic using MAC addresses. Layer-4 bridging adds the ability to use IP addresses, layer-4 protocol type, and port number to filter traffic in a bridged network. Layer-4 bridging allows you to apply security filters on a "flat" network, where the client and server may reside on the same subnet.
Note
Ports that are included in a layer-4 bridging VLAN must reside on updated RS hardware.
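The following Python model is an added illustration, not Riverstone code, of how the secure-port and static-entry commands quoted above interact. It parses the page's three "filters add" commands into a policy and evaluates sample frames under a simplified reading of the text: a secure-port blocks frames entering its in-port, and a static-entry with "restriction allow" punches a hole through a secure-port of the same direction (source entry against source secure port, dest entry against dest secure port). The assumptions are that a frame no secure-port covers is forwarded, that a static-entry of the other direction does not override a secure-port, and that the field names and the constructed server MAC 080060:000001 are this model's own.

```python
"""
Model (added illustration, not Riverstone code) of the RS layer-2
secure-port / static-entry precedence described in the text:
  * a secure-port covering a frame's in-port blocks the frame;
  * a static-entry with 'restriction allow' overrides a secure-port of the
    SAME direction (source vs source, dest vs dest);
  * frames no secure-port covers are forwarded (assumption of this model).
"""
import shlex
from dataclasses import dataclass, field


@dataclass
class Frame:
    in_port: str
    out_port: str
    vlan: int
    src_mac: str
    dst_mac: str


@dataclass
class Policy:
    secure_ports: list = field(default_factory=list)
    static_entries: list = field(default_factory=list)


def _pairs(tokens):
    """'name eng-mgr vlan 1 ...' -> {'name': 'eng-mgr', 'vlan': '1', ...}"""
    return dict(zip(tokens[0::2], tokens[1::2]))


def parse_filter_command(policy: Policy, line: str) -> Policy:
    """Parse one 'filters add secure-port|static-entry ...' line into the policy."""
    tokens = shlex.split(line)
    if tokens[:2] != ["filters", "add"] or len(tokens) < 4:
        raise ValueError(f"unsupported command: {line!r}")
    kind, kv = tokens[2], _pairs(tokens[3:])
    if kind == "secure-port":
        policy.secure_ports.append({
            "name": kv["name"],
            "direction": kv["direction"],            # 'source' or 'dest'
            "vlan": int(kv["vlan"]),
            "in_ports": kv["in-port-list"].split(","),
        })
    elif kind == "static-entry":
        if "source-mac" in kv:
            direction, mac = "source", kv["source-mac"]
        else:
            direction, mac = "dest", kv["dest-mac"]
        out = kv.get("out-port-list")
        policy.static_entries.append({
            "name": kv["name"],
            "direction": direction,
            "mac": mac.lower(),
            "vlan": int(kv["vlan"]),
            "in_ports": kv["in-port-list"].split(","),
            "out_ports": out.split(",") if out else None,   # None = any out-port
            "allow": kv.get("restriction") == "allow",
        })
    else:
        raise ValueError(f"unsupported filter type: {kind}")
    return policy


def _entry_matches(entry, frame: Frame) -> bool:
    mac = frame.src_mac if entry["direction"] == "source" else frame.dst_mac
    return (entry["vlan"] == frame.vlan
            and frame.in_port in entry["in_ports"]
            and mac.lower() == entry["mac"]
            and (entry["out_ports"] is None or frame.out_port in entry["out_ports"]))


def forwarded(policy: Policy, frame: Frame) -> bool:
    """Every secure-port covering the frame's in-port must be overridden by an
    allowing static-entry of the same direction, otherwise the frame is dropped."""
    for sp in policy.secure_ports:
        if sp["vlan"] != frame.vlan or frame.in_port not in sp["in_ports"]:
            continue
        hole = any(e["allow"] and e["direction"] == sp["direction"]
                   and _entry_matches(e, frame) for e in policy.static_entries)
        if not hole:
            return False
    return True


# The three commands quoted on the page, joined back onto single lines.
PAGE_COMMANDS = [
    "filters add static-entry name eng-mgr source-mac 080060:123456 vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow",
    "filters add secure-port name engineers direction dest vlan 1 in-port-list et.1.1",
    "filters add static-entry name eng-server dest-mac 080060:abcdef vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow",
]


def build_page_policy() -> Policy:
    policy = Policy()
    for cmd in PAGE_COMMANDS:
        parse_filter_command(policy, cmd)
    return policy


if __name__ == "__main__":
    pol = build_page_policy()
    # Engineer on et.1.1 reaching the engineering server: the dest static-entry
    # punches through the dest secure-port.
    print(forwarded(pol, Frame("et.1.1", "et.1.2", 1, "080060:654321", "080060:abcdef")))
    # Same engineer to another server MAC (constructed): the dest secure-port drops it.
    print(forwarded(pol, Frame("et.1.1", "et.1.2", 1, "080060:654321", "080060:000001")))
```

The model makes the precedence rule explicit: the secure-port is evaluated first as a blanket block on the in-port, and only a matching static-entry in the same direction re-opens the path, which is why the eng-mgr source entry alone does not let the manager reach an arbitrary server through a dest secure-port.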