Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Administrator's Guide

Example 2: Permit a Specific Host to Access the Switch Through SSH Only
Permit a specific host to access the switch over an SSH connection only.
(Netgear Switch) (Config)#ip access-list acl_for_cpu
(Netgear Switch) (Config-ipv4-acl)#permit tcp 10.100.5.13  0.0.0.0 any  eq ssh
(Netgear Switch) (Config-ipv4-acl)#deny tcp any any  eq ssh
(Netgear Switch) (Config-ipv4-acl)#permit every
(Netgear Switch) (Config-ipv4-acl)#exit
(Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane
Configure IPv6 ACLs
This feature extends the existing IPv4 ACL by providing support for IPv6 packet 
classification. Each ACL is a set of up to 12 rules applied to inbound traffic. Each rule 
specifies whether the contents of a given field should be used to permit or deny access to the 
network, and can apply to one or more of the following fields within a packet:
Source IPv6 prefix
Destination IPv6 prefix
Protocol number
Source Layer 4 port
Destination Layer 4 port
DSCP value
Flow label
Note that the order of the rules is important: When a packet matches multiple rules, the first 
rule takes precedence. Also, once you define an ACL for a given port, all traffic not 
specifically permitted by the ACL is denied access.
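The following is an added example, not taken from the Netgear guide: a small Python model of first-match evaluation with the implicit deny described above, applied to the acl_for_cpu rules from Example 2. It assumes the IPv4 ACL is evaluated the same way as described here, that a 0 bit in the wildcard mask means "must match", and that "eq ssh" means TCP port 22; the tuple layout and function names are hypothetical.

```python
import ipaddress

SSH_PORT = 22  # assumption: "eq ssh" resolves to TCP port 22

def wildcard_match(addr, base, wildcard):
    """Wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# Rule layout (hypothetical): (action, protocol, (src, wildcard), dst port).
# None means "any". Rules transcribed from Example 2.
ACL_FOR_CPU = [
    ("permit", "tcp", ("10.100.5.13", "0.0.0.0"), SSH_PORT),
    ("deny", "tcp", None, SSH_PORT),
    ("permit", None, None, None),  # "permit every"
]

def rule_matches(rule, proto, src, dport):
    _, r_proto, r_src, r_port = rule
    if r_proto is not None and r_proto != proto:
        return False
    if r_src is not None and not wildcard_match(src, *r_src):
        return False
    if r_port is not None and r_port != dport:
        return False
    return True

def evaluate(acl, proto, src, dport):
    """Return (action, rule index); index is None for the implicit deny."""
    for i, rule in enumerate(acl):
        if rule_matches(rule, proto, src, dport):
            return rule[0], i  # first matching rule wins
    return "deny", None        # nothing matched: implicit deny

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source address, destination port)
    packets = [("tcp", "10.100.5.13", 22), ("tcp", "10.100.5.14", 22),
               ("tcp", "10.100.5.14", 443), ("udp", "10.100.5.14", 161)]
    variants = [("as written", ACL_FOR_CPU),
                ("deny rule first", [ACL_FOR_CPU[1], ACL_FOR_CPU[0], ACL_FOR_CPU[2]]),
                ("without permit every", ACL_FOR_CPU[:2])]
    for name, acl in variants:
        for pkt in packets:
            print(f"{name:22} {pkt} -> {evaluate(acl, *pkt)}")
```

Running it shows the two ways this ACL can lock an administrator out: placing the deny rule first blocks SSH from 10.100.5.13 as well, and omitting "permit every" drops all non-SSH traffic.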