ACL Example 3-Blocking Http Traffic | Juniper Networks EX2500

Chapter 5: Quality of Service

3. Verify the configuration.

ex2500#	show access-lists 1
Standard IP Access List		1
----------------------------
Source IP address			: 0.0.0.0
Source IP address mask			: 0.0.0.0
Destination IP address			: 100.10.1.1
Destination IP address		mask	: 255.255.255.255
In Port List			: 1
Filter Action			: Deny
Status			: InActive

ACL Example 2—Blocking Traffic from a Source to a Destination

Use this configuration to block traffic from a network destined for a specific host address. All traffic that ingresses port 10 with source IP from the class 100.10.1.0/24 and destination IP 200.20.2.2 is denied.

1.Configure an Access Control List.

ex2500(config)# access-list ip 160 standard ex2500(config-std-nacl)# deny 100.10.1.0 255.255.255.0 host 200.20.2.2 ex2500(config-std-nacl)# exit

2.Assign the ACL to port 10.

ex2500(config)# interface port 10 ex2500(config-if)#ip access-group 160 in ex2500(config-if)#exit

ACL Example 3—Blocking HTTP Traffic

Use this configuration to block HTTP traffic on a port.

1.Configure an Access Control List.

ex2500(config)# access-list ip 170 extended ex2500(config-ext-nacl)#deny tcp any any eq 80 ex2500(config-ext-nacl)#exit

2.Add the ACL to a port.

ex2500(config)# interface port 12 ex2500(config-if)# ip access-group 170 in ex2500(config-if)#exit

Using ACL Filters 57

Image 71

Juniper Networks EX2500 manual ACL Example 3-Blocking Http Traffic, Add the ACL to a port

Contents

North Mathilda Avenue Sunnyvale, CA Configuration Guide Ii „ Table of Contents Chapter VLANs Rmon Overview Rmon Group 1-Statistics Rmon Group 2-History Chapter Ports and Trunking Indexes Port Mirroring Overview Configuring Port MirroringAppendixes Port-Based Vlan Assignment Default Vlan SettingsPage List of Tables EX2500 Ethernet Switch Configuration Guide „ List of Tables Supported Platforms About This GuideObjectives Audience Icon Meaning Description Documentation Conventions Requesting Technical Support List of Technical PublicationsDocumentation Feedback Opening a Case with Jtac Self-Help Online Tools and Resources EX2500 Ethernet Switch Applications Page Configuring the Management Interface Accessing the Switch Configure the default gateway. Enable the gateway Dynamic Host Configuration Protocol Using the EX2500 Web Device Manager Using Telnet Configuring EX2500 Web Device Manager Access via Https Configuring EX2500 Web Device Manager Access via Http SNMPv1, SNMPv2 Using Snmp SNMPv3 Default ConfigurationUser Configuration Configure an entry in the notify table Configuring Snmp Trap HostsSNMPv1 Trap Host Configuration SNMPv2 Trap Host Configuration SNMPv3 Trap Host Configuration Securing Access to the Switch Configure the Radius secret Radius Authentication and AuthorizationHow Radius Authentication Works Configuring Radius on the Switch Radius Authentication Features in the EX2500 Switch Radius Attributes for EX2500 User Privileges Switch User Accounts TACACS+ Authentication Features in the EX2500 Switch TACACS+ AuthenticationHow TACACS+ Authentication Works „ starttime „ stoptime „ elapsedtime „ disccause Configure the TACACS+ secret and second secret Command Authorization and LoggingConfiguring TACACS+ Authentication on the Switch SSH Encryption of Management Messages Configuring SSH Features on the SwitchGenerating RSA Host and Server Keys for SSH Access Secure Shell SSH Integration with Radius and TACACS+ Authentication End User Access Control User Access Control Considerations for Configuring End User Accounts Logging In to an End User Account Listing Current Users Vlan Overview VLANs Pvid Numbers „ Port configurationVLANs and Port Vlan ID Numbers Vlan Numbers Vlan Tagging Illustrates the default Vlan settings on the switch Default Vlan Settings Port-Based Vlan Assignment Vlan Topologies and Design Considerations Vlan Configuration Rules Multiple VLANs example in is described in Table Multiple VLANs Configuration Example Enable tagging on uplink ports that support multiple VLANs Private Vlan Ports Private VLANs Verify the configuration Private Vlan Configuration GuidelinesPrivate Vlan Configuration Example Configure a secondary Vlan and map it to the primary Vlan Spanning Tree Overview Spanning Tree Protocol Bridge Priority Bridge Protocol Data Units BPDUsDetermining the Path for Forwarding BPDUs Port Path Cost Spanning Tree Group Configuration GuidelinesChanging the Spanning Tree Mode Port Priority Adding and Removing Ports from STGs Creating a VlanRules for Vlan Tagged Ports Port State Changes Rapid Spanning Tree Protocol Edge Port Rstp Configuration GuidelinesRstp Configuration Example Port Type and Link Type Per Vlan Rapid Spanning Tree Default Spanning Tree ConfigurationWhy Do We Need Multiple Spanning Trees? Configuring Pvrst Pvrst Configuration Guidelines Common Internal Spanning Tree Mstp Configuration GuidelinesMultiple Spanning Tree Protocol Mstp Region Implementing Multiple Spanning Tree Groups Multiple Spanning Tree Groups Configuration Example Vlan Fast Uplink Convergence Configuring Fast Uplink Convergence Configuration Guidelines Statistical Load Distribution Ports and TrunkingTrunking Overview Trunk Group Configuration Rules Built-In Fault ToleranceBefore Configuring Static Trunks Port Trunk Group Configuration Example Port Trunking Configuration Example Follow these steps on the EX2500 switch Define a trunk group „ Destination IP DIP Configurable Trunk Hash AlgorithmLink Aggregation Control Protocol „ Destination MAC Dmac 48 „ Link Aggregation Control Protocol Set the Lacp mode Lacp Configuration GuidelinesConfiguring Lacp Optionally Reducing Lacp Timeout Ex2500config-if# lacp timeout short ex2500config-if# exit QoS Overview Quality of Service COS Using ACL Filters To delete an IP Standard ACL MAC Extended ACLsIP Standard ACLs To delete a MAC Extended ACL To delete an IP Extended ACL IP Extended ACLs TCP/UDP Understanding ACL Priority ACL Example 1-Blocking Traffic to a Host ACL Configuration ExamplesAssigning ACLs to a Port Viewing ACL Statistics Add the ACL to a port ACL Example 3-Blocking Http Traffic Assign the ACLs to a port ACL Example 4-Blocking All Except Certain Packets Broadcast Storms Using Storm Control FiltersConfiguring Storm Control Differentiated Services Concepts Using Dscp Values to Provide QoS Assured Forwarding Drop Precedence Class Per Hop Behavior Dscp Mapping Use the following command to perform Dscp mappingQoS Levels Shows the priority bits in a VLAN-tagged packet Using 802.1p Priority to Provide QoS Queuing and Scheduling Rmon Overview Remote Monitoring Rmon Group 1-Statistics Configure the Rmon statistics on a port Rmon Group 2-History Configuring Rmon HistoryConfigure the Rmon History parameters for a port This configuration enables Rmon History collection on port Configure the Rmon Alarm parameters to track Icmp messages Rmon Group 3-AlarmsAlarm MIB Objects Configuring Rmon Alarms Rmon Group 9-Events Ex2500config# rmon event 110 type log-onlyPage Igmp Snooping Igmp FastLeave IGMPv3 Snooping Igmp Snooping Configuration Example Ex2500# show ip igmp groups Static Multicast Router High Availability Overview High Availability Through Uplink Failure Detection Failure Detection Pair Spanning Tree Protocol with UFD UFD Configuration Guidelines Monitoring UFD UFD Configuration ExamplePage Appendixes EX2500 Ethernet Switch Configuration Guide 80 „ Appendixes Port Mirroring Overview „ Port Mirroring Overview on „ Configuring Port Mirroring on Configuring Port Mirroring „ Index on Indexes EX2500 Ethernet Switch Configuration Guide 84 „ Indexes Numerics Index Internet Group Management Protocol. See Igmp Management interface, configuringMulti-links between switches, port trunking Physical. See switch ports Segmentation. See IP subnets Segments. See IP subnets Quality of Service. See QoSQoS Security Example showing multiple VLANs Virtual Local Area Networks. See VLANs