ExtremeWare Software User Guide 16-11
Using IP Access Lists

IP Access List Examples
This section presents two IP access list examples:
• Using the permit-established keyword
• Filtering ICMP packets
Using the Permit-Established Keyword
This example uses an access list that permits TCP sessions (Telnet, FTP, and HTTP) to be
established in one direction.
The Summit7i, shown in Figure 16-1, is configured as follows:
• Two VLANs, NET10 VLAN and NET20 VLAN, are defined.
• The IP address for NET10 VLAN is 10.10.10.1/24.
• The IP address for NET20 VLAN is 10.10.20.1/24.
• The workstations are configured using addresses 10.10.10.100 and 10.10.20.100.
• IPForwarding is enabled.
Figure 16-1: Permit-established access list example topology
The following sections detail the steps used to configure the example.
Step 1 – Deny IP Traffic.
First, create an access-list that blocks all IP-related traffic. This includes any TCP- and
UDP-based traffic. Although ICMP is used in conjunction with IP, it is technically not an
IP data packet. Thus, ICMP data traffic, such as ping traffic, is not affected.
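The following Python model is an added illustration, not part of the ExtremeWare guide or the switch software. It walks a TCP handshake, a UDP packet and a ping between the two workstations through a filter that behaves as described above. It assumes that permit-established refuses only TCP session-opening packets (SYN set, ACK clear), that NET10 is the side allowed to open sessions, and that TCP between the two VLANs is otherwise permitted; none of these details is stated on this page.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

NET10 = ip_network("10.10.10.0/24")   # NET10 VLAN from the example topology
NET20 = ip_network("10.10.20.0/24")   # NET20 VLAN from the example topology

@dataclass
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    syn: bool = False     # TCP flags, ignored for other protocols
    ack: bool = False

def evaluate(pkt):
    """Return 'permit' or 'deny' for a packet routed between the two VLANs."""
    # Per the text, the IP deny rule does not affect ICMP traffic such as ping.
    if pkt.proto == "icmp":
        return "permit"
    if pkt.proto == "tcp":
        opening = pkt.syn and not pkt.ack          # first packet of a handshake
        from_net20 = ip_address(pkt.src) in NET20 and ip_address(pkt.dst) in NET10
        # Assumed permit-established behaviour: session opens arriving from
        # NET20 are refused; all other TCP segments pass in both directions.
        return "deny" if opening and from_net20 else "permit"
    # Step 1 rule: everything else that is IP (here, UDP) is blocked.
    return "deny"

def tcp_session_opens(client, server):
    """Run the three-way handshake through the filter; True if it completes."""
    handshake = [
        Packet("tcp", client, server, syn=True),             # SYN
        Packet("tcp", server, client, syn=True, ack=True),   # SYN-ACK
        Packet("tcp", client, server, ack=True),             # ACK
    ]
    return all(evaluate(p) == "permit" for p in handshake)

if __name__ == "__main__":
    a, b = "10.10.10.100", "10.10.20.100"   # workstation addresses from the page
    print("NET10 -> NET20 TCP session:", tcp_session_opens(a, b))
    print("NET20 -> NET10 TCP session:", tcp_session_opens(b, a))
    print("UDP NET10 -> NET20:", evaluate(Packet("udp", a, b)))
    print("ping NET20 -> NET10:", evaluate(Packet("icmp", b, a)))
```

The SYN-ACK returning from NET20 passes because it carries the ACK flag, which is what lets replies flow while new sessions from that side are refused.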