ExtremeWare 7.2e Installation and User Guide
Security
Figure 19: Access control list denies all TCP and UDP traffic
Step 2—Allow TCP traffic.
The next set of access list commands permits TCP traffic to flow between the two hosts. Because each
session is bi-directional, an access list must be defined for each direction of the traffic flow. UDP
traffic is still blocked by the deny-all list from Step 1.
The following commands create the access mask and the two access lists. The ports field of the mask
matches on the ingress switch port, so each list names the port on which its direction of the traffic
enters the switch:
create access-mask ip_addr_mask ipprotocol dest-ip/32 source-ip/32 ports precedence 20000
create access-list tcp1_2 ip_addr_mask ipprotocol tcp dest-ip 10.10.20.100/32 source-ip 10.10.10.100/32 ports 2 permit qp1
create access-list tcp2_1 ip_addr_mask ipprotocol tcp dest-ip 10.10.10.100/32 source-ip 10.10.20.100/32 ports 10 permit qp1
Figure 20 illustrates the outcome of this access list.
Figure 20: Access list allows TCP traffic
Step 3 - Permit-Established Access List.
When a TCP session begins, the two hosts perform a three-way handshake consisting of a SYN, a
SYN/ACK and an ACK packet. Figure 21 illustrates the handshake that occurs when host A initiates a
TCP session to host B. Only after this sequence completes can actual data be passed.
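The following is an added example, not code from the ExtremeWare guide: a small Python simulator that applies the two Step 2 access lists (tcp1_2 and tcp2_1) on top of the Step 1 deny-all to the handshake of Figure 21, and then shows what changes when the host B to host A list is made permit-established. The simulator's semantics are assumptions: first matching list wins, no match falls through to deny, the ports field is the ingress switch port, and permit-established matches only TCP packets carrying ACK or RST (so an opening SYN never matches). Hosts, list names and port numbers are taken from the page; the packet sequences are constructed.

```python
# Added example: simulator for the access-list behaviour described on this page.
# Not ExtremeWare code; the matching semantics are assumptions noted in comments.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import FrozenSet, List


@dataclass(frozen=True)
class Packet:
    proto: str                           # "tcp", "udp" or "icmp"
    src: str
    dst: str
    ingress_port: int                    # physical switch port the frame arrived on
    flags: FrozenSet[str] = frozenset()  # TCP flags such as {"SYN", "ACK"}


@dataclass
class Rule:
    name: str
    proto: str
    dst: IPv4Network
    src: IPv4Network
    ingress_port: int
    action: str                          # "permit" or "deny"
    # Assumed permit-established semantics: match only TCP packets that carry
    # ACK or RST, i.e. every packet of a session except the opening SYN.
    permit_established: bool = False

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != self.proto:
            return False
        if ip_address(pkt.dst) not in self.dst or ip_address(pkt.src) not in self.src:
            return False
        if pkt.ingress_port != self.ingress_port:
            return False
        if self.permit_established and not (pkt.flags & {"ACK", "RST"}):
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching list wins; no match falls through to the Step 1
    deny-all for TCP and UDP (Figure 19). The ordering is the simulator's own."""
    for rule in rules:
        if rule.matches(pkt):
            return f"{rule.action}:{rule.name}"
    return "deny:default"


A, B = "10.10.10.100", "10.10.20.100"    # hosts from the page's example
PORT_A, PORT_B = 2, 10                    # ingress ports named in the access-list commands


def step2_rules() -> List[Rule]:
    """The two Step 2 access lists, one per direction of the session."""
    return [
        Rule("tcp1_2", "tcp", ip_network(B + "/32"), ip_network(A + "/32"), PORT_A, "permit"),
        Rule("tcp2_1", "tcp", ip_network(A + "/32"), ip_network(B + "/32"), PORT_B, "permit"),
    ]


def step3_rules() -> List[Rule]:
    """Assumed Step 3 shape: the B->A list becomes permit-established, so
    host B can answer sessions opened by A but cannot open one towards A."""
    rules = step2_rules()
    rules[1].permit_established = True
    return rules


def handshake(initiator: str, responder: str, port_init: int, port_resp: int) -> List[Packet]:
    """Constructed three-way handshake plus one data segment (Figure 21)."""
    return [
        Packet("tcp", initiator, responder, port_init, frozenset({"SYN"})),
        Packet("tcp", responder, initiator, port_resp, frozenset({"SYN", "ACK"})),
        Packet("tcp", initiator, responder, port_init, frozenset({"ACK"})),
        Packet("tcp", initiator, responder, port_init, frozenset({"ACK", "PSH"})),
    ]


def run(rules: List[Rule], packets: List[Packet]) -> List[str]:
    return [evaluate(rules, p) for p in packets]


if __name__ == "__main__":
    print("Step 2, A opens to B:  ", run(step2_rules(), handshake(A, B, PORT_A, PORT_B)))
    print("Step 2, UDP A->B:      ", evaluate(step2_rules(), Packet("udp", A, B, PORT_A)))
    # A packet claiming to be from B but arriving on A's port does not match tcp2_1.
    print("Step 2, spoofed B->A:  ", evaluate(step2_rules(), Packet("tcp", B, A, PORT_A, frozenset({"ACK"}))))
    print("Step 3, A opens to B:  ", run(step3_rules(), handshake(A, B, PORT_A, PORT_B)))
    print("Step 3, B opens to A:  ", run(step3_rules(), handshake(B, A, PORT_B, PORT_A)))
```

With the Step 2 lists, the whole handshake passes in either direction and UDP still falls through to the deny-all. With the assumed Step 3 lists, the SYN/ACK from B is still permitted because it carries ACK, but a SYN originated by B is denied, which is the effect a permit-established list is meant to have: the session can only be opened from A's side. The spoofed case shows why the ports field belongs in the mask: a packet with B's source address entering on A's port matches neither list.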
[Figure residue: switch ES4K010 with NET10 VLAN (switch interface 10.10.10.1, host 10.10.10.100) and NET20 VLAN (switch interface 10.10.20.1, host 10.10.20.100); the figures show TCP, UDP and ICMP traffic between the two hosts.]