Netgear GSM7228PS - ProSAFE 28 ports Gigabit Ethernet L2 Managed Stackable Switch with PoE Administrator's Guide

Chapter 10. ACLs
ProSafe 7000 Managed Switch Release 8.0.3 
4. Apply the ACL to one or more interfaces.
Set Up an IP ACL with Two Rules
This section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic 
and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will 
be accepted by the 7000 Series Managed Switch only if the source and destination stations 
have IP addresses within the defined sets.
Figure 14. IP ACL with rules for TCP traffic and UDP traffic
(Figure labels: Layer 2 switch; Layer 3 switch; Port 1/0/2; ACL 1; IP addresses 192.168.77.1, 192.168.77.2, 192.168.77.4, 192.168.77.9. TCP packet to 192.178.88.3 rejected: destination IP not in range. TCP packet to 192.178.77.3 accepted: destination IP in range.)
CLI: Set Up an IP ACL with Two Rules
The following is an example of configuring ACL support on a 7000 Series Managed Switch.
Create ACL 101. Define the first rule: The ACL will permit packets that match the specified 
source IP address (after the mask has been applied), that are carrying TCP traffic, and that 
are sent to the specified destination IP address.
1. Enter these commands:
(Netgear Switch) #config
(Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255
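
The following Python sketch is an added example, not part of the Netgear guide or the switch firmware. It models how the wildcard masks in the rule above select packets and reproduces the two outcomes labeled in Figure 14. The UDP rule text, the function names, and the final deny for unmatched packets (taken from the "only if" statement above) are assumptions of this example.

```python
import ipaddress

def _ip(text):
    """Dotted-quad string -> 32-bit integer (raises ValueError if malformed)."""
    return int(ipaddress.IPv4Address(text))

def wildcard_match(addr, base, wildcard):
    """Wildcard masks are inverted netmasks: a 0 bit must match, a 1 bit is ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_rule(line):
    """Parse only the rule form used on this page:
    access-list <id> <permit|deny> <proto> <src> <src-wildcard> <dst> <dst-wildcard>"""
    fields = line.split()
    if len(fields) != 8 or fields[0] != "access-list" or fields[2] not in ("permit", "deny"):
        raise ValueError("unsupported rule: " + line)
    for value in fields[4:]:
        _ip(value)  # reject malformed addresses and masks early
    keys = ("acl", "action", "proto", "src", "src_wc", "dst", "dst_wc")
    return dict(zip(keys, fields[1:]))

def evaluate(rules, proto, src, dst):
    """First matching rule decides; a packet that matches no rule is denied."""
    for r in rules:
        if (r["proto"] == proto
                and wildcard_match(src, r["src"], r["src_wc"])
                and wildcard_match(dst, r["dst"], r["dst_wc"])):
            return r["action"]
    return "deny"

RULES = [parse_rule(line) for line in (
    # TCP rule as entered on this page (wrapped line joined, CLI prompt removed).
    "access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255",
    # UDP rule: constructed for this example from the statement that both
    # rules have the same content; it is not copied from the guide.
    "access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255",
)]

if __name__ == "__main__":
    # Constructed test packets; the first two mirror the labels in Figure 14.
    for proto, src, dst in (("tcp", "192.168.77.4", "192.178.77.3"),
                            ("tcp", "192.168.77.4", "192.178.88.3"),
                            ("tcp", "192.168.77.1", "192.168.77.2"),
                            ("icmp", "192.168.77.1", "192.178.77.3")):
        print(proto, src, "->", dst, evaluate(RULES, proto, src, dst))
```

Note that the destination range in the rule is 192.178.77.0, not 192.168.77.0, so a packet from one 192.168.77.x station to another does not match either permit rule.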