Network Router User Manual

Chapter 20: Security Configuration Guide
SmartSwitch Router User Reference Manual
In the example in Figure 25 on page 286, suppose the consultants should have access to the
file server for e-mail (SMTP) traffic but not for Web (HTTP) traffic, while e-mail, Web, and
FTP traffic should be allowed between the engineers and the file server. To do this, you
would create ACLs that allow only SMTP traffic on the port to which the consultants are
connected and allow SMTP, HTTP, and FTP traffic on the ports to which the engineers are
connected.
The following is an example:

    acl 100 permit ip any any smtp
    acl 100 deny ip any any http
    acl 200 permit ip any any smtp
    acl 200 permit ip any any http
    acl 200 permit ip any any ftp

ACL 100 explicitly permits SMTP traffic and denies HTTP traffic. Note that because of the
implicit deny rule appended to the end of the ACL, all traffic (not just HTTP traffic) other
than SMTP is denied.

ACL 200 explicitly permits SMTP, HTTP, and FTP traffic. The implicit deny rule denies any
other traffic. See “Creating and Modifying ACLs” on page 264 for more information on
defining ACLs.

Applying a Layer-4 Bridging ACL to a Port

Finally, you apply the ACLs to the ports in the VLAN. To do this, enter the following
command in Configure Mode:

Apply a Layer-4 bridging ACL to a port:

    acl <name> apply port <port-list>

For the example in Figure 25 on page 286, to apply ACL 100 (which denies all traffic
except SMTP) to the consultant port:

    ssr(config)# acl 100 apply port et.1.1 output

To apply ACL 200 (which denies all traffic except SMTP, HTTP, and FTP) to the engineer
port:

    ssr(config)# acl 200 apply port et.1.3 output

Notes

• Layer-4 Bridging works for IP and IPX traffic only. The SSR will drop non-IP/IPX
traffic on a Layer-4 Bridging VLAN. For AppleTalk and DECnet packets, a warning is
issued before the first packet is dropped.
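The first-match evaluation and implicit deny that the manual describes for ACL 100 and ACL 200, as an added Python example (not part of the manual and not SSR code). It reads only the ACL name, the action, and the trailing service keyword of each rule, which is an assumed simplification of how the rules match; the list of test services is constructed.

```python
from collections import defaultdict

# Rules retyped from the manual's example. Only the ACL name, the action and the
# last keyword (taken here to be the service) are modelled -- an assumption.
RULES = """\
acl 100 permit ip any any smtp
acl 100 deny ip any any http
acl 200 permit ip any any smtp
acl 200 permit ip any any http
acl 200 permit ip any any ftp
"""

SERVICES = ["smtp", "http", "ftp", "telnet"]  # constructed test traffic


def parse(text):
    """Group rules by ACL name, preserving order: {name: [(action, service), ...]}."""
    acls = defaultdict(list)
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("permit", "deny"):
            acls[tok[1]].append((tok[2], tok[-1]))
    return dict(acls)


def evaluate(rules, service):
    """First matching rule wins; (verdict, index), index None = implicit deny."""
    for i, (action, svc) in enumerate(rules):
        if svc in ("any", service):
            return action, i
    return "deny", None


def redundant_rules(rules, services):
    """Indexes of rules whose removal changes no verdict for the given services."""
    base = [evaluate(rules, s)[0] for s in services]
    return [i for i in range(len(rules))
            if [evaluate(rules[:i] + rules[i + 1:], s)[0] for s in services] == base]


if __name__ == "__main__":
    for name, rules in parse(RULES).items():
        for s in SERVICES:
            verdict, idx = evaluate(rules, s)
            via = "implicit deny" if idx is None else f"rule {idx + 1}"
            print(f"acl {name}: {s:6} -> {verdict:6} ({via})")
        extra = [i + 1 for i in redundant_rules(rules, SERVICES)]
        print(f"acl {name}: rules already covered by the implicit deny: {extra}")
```

In this model the explicit `deny ... http` line in ACL 100 shows up as covered by the implicit deny, which matches the manual's note that all traffic other than SMTP is denied on that ACL.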