User guide

ExtremeWare Software User Guide, page 16-12
Access Policies
The following command creates the access-list:
create access-list denyall ip destination any source any deny ports any
Figure 16-2 illustrates the outcome of the access list.
Figure 16-2: Access list denies all TCP and UDP traffic
Step 2 Allow TCP traffic.
The next set of access-list commands permits TCP-based traffic to flow. Because each
session is bi-directional, an access-list must be defined for each direction of the traffic
flow. UDP traffic is still blocked.
The following commands create the access list:
create access-list tcp1 tcp destination 10.10.20.100/32 ip any source 10.10.10.100/32 ip any permit qp1 ports any precedence 20
create access-list tcp2 tcp destination 10.10.10.100/32 ip any source 10.10.20.100/32 ip any permit qp1 ports any precedence 21
Figure 16-3 illustrates the outcome of this access list.
[Figure EW_034: NET10 VLAN (10.10.10.1, 10.10.10.100) and NET20 VLAN (10.10.20.1, 10.10.20.100); traffic types shown: TCP, UDP, ICMP]
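The effect of Steps 1 and 2 can be checked offline with a small rule evaluator. This is an added example, not code from the guide or from ExtremeWare. It assumes that the lowest precedence number is evaluated first, that the rule created without a precedence acts as the default when nothing else matches, and that an "ip" rule covers TCP and UDP as the Figure 16-2 caption states; ICMP is left out of the model, and the sample packets are constructed.

```python
from ipaddress import ip_address, ip_network

# The three access lists from this section:
# (name, protocol, destination, source, action, precedence).
# precedence None marks the rule created without a precedence (assumed default rule).
RULES = [
    ("denyall", "ip", "any", "any", "deny", None),
    ("tcp1", "tcp", "10.10.20.100/32", "10.10.10.100/32", "permit", 20),
    ("tcp2", "tcp", "10.10.10.100/32", "10.10.20.100/32", "permit", 21),
]

def _addr_matches(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def _proto_matches(rule_proto, pkt_proto):
    # Assumed: an "ip" rule matches TCP and UDP; a "tcp" rule matches TCP only.
    if rule_proto == "ip":
        return pkt_proto in ("tcp", "udp")
    return rule_proto == pkt_proto

def evaluate(rules, proto, src, dst):
    """Return (rule_name, action) of the first matching rule, or (None, None)."""
    # Numbered rules first in ascending precedence, the default rule last.
    ordered = sorted(rules, key=lambda r: (r[5] is None, r[5] or 0))
    for name, r_proto, r_dst, r_src, action, _prec in ordered:
        if (_proto_matches(r_proto, proto)
                and _addr_matches(r_dst, dst)
                and _addr_matches(r_src, src)):
            return name, action
    return None, None

# Constructed sample packets: (protocol, source, destination).
SAMPLES = [
    ("tcp", "10.10.10.100", "10.10.20.100"),  # forward direction, matches tcp1
    ("tcp", "10.10.20.100", "10.10.10.100"),  # return direction, matches tcp2
    ("udp", "10.10.10.100", "10.10.20.100"),  # UDP is still blocked
    ("tcp", "10.10.10.101", "10.10.20.100"),  # host outside the /32, blocked
]

if __name__ == "__main__":
    for proto, src, dst in SAMPLES:
        print(proto, src, "->", dst, evaluate(RULES, proto, src, dst))
    # With tcp2 missing, the return half of the session falls to denyall.
    print("without tcp2:",
          evaluate(RULES[:2], "tcp", "10.10.20.100", "10.10.10.100"))
```

Removing either tcp1 or tcp2 from the list shows why one access list per direction is needed: the unmatched half of the session is caught by denyall.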