Netgear M4200-10MG-PoE+ (GSM4210P) - Multigigabit Managed Switch with 8*2.5G and 2x10G SFP+ Layer 3 Administrator's Guide
ACLs
Managed Switches
The following examples show how to configure a management ACL.
Example 1: Permit Any Host to Access the Switch Through Telnet or HTTP

Permit any host to access the managed VLAN IP address of 169.254.100.100 through a
Telnet or HTTP connection:

(Netgear Switch) (Config)#ip access-list acl_for_cpu
(Netgear Switch) (Config-ipv4-acl)#permit tcp any 169.254.100.100 0.0.0.0 eq telnet
(Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq telnet
(Netgear Switch) (Config-ipv4-acl)#permit tcp any 169.254.100.100 0.0.0.0 eq http
(Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq http
(Netgear Switch) (Config-ipv4-acl)#deny every
(Netgear Switch) (Config-ipv4-acl)#exit
(Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane

Example 2: Permit a Specific Host to Access the Switch Through SSH Only

Permit a specific host to access the switch over an SSH connection only:

(Netgear Switch) (Config)#ip access-list acl_for_cpu
(Netgear Switch) (Config-ipv4-acl)#permit tcp 10.100.5.13 0.0.0.0 any eq ssh
(Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq ssh
(Netgear Switch) (Config-ipv4-acl)#permit every
(Netgear Switch) (Config-ipv4-acl)#exit
(Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane

Configure IPv6 ACLs

This feature extends the existing IPv4 ACL by providing support for IPv6 packet
classification. Each ACL is a set of up to 12 rules applied to inbound traffic. Each rule
specifies whether the contents of a given field should be used to permit or deny access to the
network, and can apply to one or more of the following fields within a packet:
• Source IPv6 prefix
• Destination IPv6 prefix
• Protocol number
• Source Layer 4 port
• Destination Layer 4 port
• DSCP value
• Flow label
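
The order of the rules in the management ACL of Example 2 decides the outcome, because the switch applies the first rule that matches a packet and denies a packet that matches no rule. The following Python is an added example, not Netgear code: a first-match evaluator for the rule syntax shown on this page. The host 10.100.5.99 and the misordered rule list are constructed for illustration.

```python
import ipaddress

# Rule lines from Example 2 on this page, with the CLI prompt stripped.
EXAMPLE_2 = """permit tcp 10.100.5.13 0.0.0.0 any eq ssh
deny tcp any any eq ssh
permit every"""
# Constructed variant: the same rules with the first two swapped.
MISORDERED = "\n".join(EXAMPLE_2.splitlines()[i] for i in (1, 0, 2))
PORTS = {"ssh": 22, "telnet": 23, "http": 80}  # port keywords used on this page

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def parse_rule(line):
    """Return (action, proto, src, dst, dport); None in a field matches anything."""
    tok = line.split()
    action = tok.pop(0)
    if tok == ["every"]:
        return action, None, None, None, None
    proto = tok.pop(0)
    def addr():
        if tok[0] == "any":
            tok.pop(0)
            return None
        return to_int(tok.pop(0)), to_int(tok.pop(0))  # (address, wildcard mask)
    src, dst = addr(), addr()
    dport = PORTS[tok[1]] if tok[:1] == ["eq"] else None
    return action, proto, src, dst, dport

def addr_match(spec, ip):
    if spec is None:
        return True
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 0 must match exactly
    return (to_int(ip) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport):
    """Action of the first matching rule; falls through to an implicit deny."""
    for line in acl.splitlines():
        action, r_proto, r_src, r_dst, r_dport = parse_rule(line)
        if (r_proto in (None, proto) and addr_match(r_src, src)
                and addr_match(r_dst, dst) and r_dport in (None, dport)):
            return action
    return "deny"

if __name__ == "__main__":
    switch = "169.254.100.100"  # management address from Example 1, used as destination
    for name, acl in (("Example 2", EXAMPLE_2), ("misordered", MISORDERED)):
        for src, port in (("10.100.5.13", 22), ("10.100.5.99", 22), ("10.100.5.99", 23)):
            print(f"{name:10} {src:12} tcp/{port}: {evaluate(acl, 'tcp', src, switch, port)}")
```

The tcp/23 probe is permitted under Example 2: its final permit every rule leaves Telnet and HTTP reachable from any host, so that ACL restricts SSH and nothing else. In the misordered list the deny rule matches first and locks out 10.100.5.13 as well.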