Riverstone Networks WICT1-12 Network Router User Manual


 
Riverstone Networks RS Switch Router User Guide Release 8.0 25-15
Security Configuration Layer-4 Bridging and Filtering
The following is an example:

    acl 100 permit ip any any smtp
    acl 100 deny ip any any http
    acl 200 permit any any smtp
    acl 200 permit any any http
    acl 200 permit any any ftp

ACL 100 explicitly permits SMTP traffic and denies HTTP traffic. Note that because of the implicit deny rule
appended to the end of the ACL, all traffic (not just HTTP traffic) other than SMTP is denied.

ACL 200 explicitly permits SMTP, HTTP, and FTP traffic. The implicit deny rule denies any other traffic. See
Section 24.2, "Creating and Modifying ACLs," for more information on defining ACLs.

25.4.5 Applying a Layer-4 Bridging ACL to a Port

Finally, you apply the ACLs to the ports in the VLAN. To do this, enter the following command in Configure mode:

Apply a Layer-4 bridging ACL to a port:

    acl <name> apply port <port-list>

For the example in Figure 25-2, to apply ACL 100 (which denies all traffic except SMTP) to the consultant port:

    rs(config)# acl 100 apply port et.1.1 output

To apply ACL 200 (which denies all traffic except SMTP, HTTP, and FTP) to the engineer port:

    rs(config)# acl 200 apply port et.1.3 output

25.4.6 Notes

Layer-4 Bridging works for IP and IPX traffic only. The RS will drop non-IP/IPX traffic on a
Layer-4 Bridging VLAN. For AppleTalk and DECnet packets, a warning is issued before the first
packet is dropped.
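
The Python model below is an added example, not part of the Riverstone manual and not RS software. It evaluates the ACL 100 and ACL 200 lines from this section against sample traffic to show where the implicit deny decides the outcome and which explicit deny rules it makes redundant. It assumes ordered first-match evaluation and that the trailing service keyword names the destination TCP port; the function names and the extra ssh test traffic are hypothetical.

```python
# Added illustration: a minimal model of the page's ACL 100 and ACL 200.
# Assumptions (not from the manual): rules are checked in order, first match
# wins, and the trailing service keyword names the destination TCP port.
ACL_CONFIG = """\
acl 100 permit ip any any smtp
acl 100 deny ip any any http
acl 200 permit any any smtp
acl 200 permit any any http
acl 200 permit any any ftp
"""

# Well-known ports; ssh is not in the page's ACLs and serves as test traffic.
SERVICE_PORTS = {"smtp": 25, "http": 80, "ftp": 21, "ssh": 22}

def parse_acls(text):
    """Return {acl_name: [(action, dst_port), ...]} in configuration order."""
    acls = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "acl":
            continue
        name, action, service = fields[1], fields[2], fields[-1]
        if action not in ("permit", "deny"):
            continue  # e.g. "acl 100 apply port ..." is not a filter rule
        acls.setdefault(name, []).append((action, SERVICE_PORTS[service]))
    return acls

def evaluate(rules, dst_port):
    """Return (action, reason) for a packet sent to dst_port."""
    for index, (action, port) in enumerate(rules, start=1):
        if port == dst_port:
            return action, f"rule {index}"
    return "deny", "implicit deny"  # nothing matched: the appended rule applies

def redundant_denies(rules):
    """Numbers of deny rules that the implicit deny would enforce anyway:
    a deny is redundant when no later permit matches the same port."""
    found = []
    for i, (action, port) in enumerate(rules):
        later_permit = any(a == "permit" and p == port for a, p in rules[i + 1:])
        if action == "deny" and not later_permit:
            found.append(i + 1)
    return found

if __name__ == "__main__":
    for name, rules in parse_acls(ACL_CONFIG).items():
        for svc in ("smtp", "http", "ftp", "ssh"):
            print(name, svc, *evaluate(rules, SERVICE_PORTS[svc]))
        print(name, "redundant deny rules:", redundant_denies(rules))
```

In this model the "deny ... http" line in ACL 100 is reported as redundant: removing it leaves HTTP denied by the implicit rule, which is the behavior the text above describes.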