Manuals / Brands / Computer Equipment / Switch / NETGEAR / Computer Equipment / Switch

NETGEAR 7000 Series Example #2: Configure a One-Way Access Using a TCP Flag in an ACL

1 220

Download 220 pages, 2.99 Mb

NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2

9-4 Access Control Lists (ACLs)

v1.0, May 2008

Example #2: Configure a One-Way Access Using a TCP Flag in an ACL

This example shows how to set up one-way web access using a TCP flag in an ACL.

PC1 can access FTP server1 and FTP server2 but PC2 only access FTP server2.

Create ACL 101. Define the first rule: the ACL will permit packets with a match

on the specified source IP address (after the mask has been applied), that are

carrying TCP traffic, and that are sent to the specified destination IP address.

(Netgear Switch) #config

(Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255

192.178.77.0 0.0.0.255

Define the second rule for ACL 101. Define the rule to set similar conditions

for UDP traffic as for TCP traffic.

(Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255

192.178.77.0 0.0.0.255

Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the

criteria will be accepted.

(Netgear Switch) (Config)#interface 1/0/2

(Netgear Switch) (Interface 1/0/2)#ip access-group 101 in

(Netgear Switch) (Interface 1/0/2)#exit

(Netgear Switch) (Config)#exit

Figure 9-2

Contents

Main ii v1.0, May 2008 Trademarks Statement of Conditions Certificate of the Manufacturer/Importer Besttigung des Herstellers/Importeurs Voluntary Control Council for Interference (VCCI) Statement Canadian Department of Communications Radio Interference Regulations 7000 Series Managed Switch Product and Publication Details Contents NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2 Page Page Page Page Page Page Page Page Page About This Manual Conventions, Formats and Scope How to Use This Manual How to Print this Manual Revision History Page Chapter 1 Introduction Document Organization Audience CLI Documentation Related Documentation Page Chapter 2 Getting Started In-band and Out-of-band Connectivity Subnet Configuring for In-band Connectivity IP Address gateway MAC Address Configuring for Out-Of-Band Connectivity Starting the Switch Initial Configuration Initial Configuration Procedure Software Installation Quick Starting the Networking Device System Information and System Setup Page Page Page Page Chapter 3 Using Ezconfig for Switch Setup Changing the Password Setting Up the Switch IP Address Assigning Switch Name and Location Information Saving the Configuration Page Chapter 4 Using the Web Interface Configuring for Web Access Starting the Web Interface Web Interface Layout Page Page Page Configuring an SNMP V3 User Profile Chapter 5 Virtual LANs VLAN Configuration Example Example #1: Create Two VLANs Example #2: Assign Ports to VLAN2 Example #3: Assign Ports to VLAN3 Example #4: Assign VLAN3 as the Default VLAN Page Chapter 6 Link Aggregation Example #1: Create two LAGS Link Aggregation 6-3 Example #2: Add the ports to the LAGs Example #3: Enable both LAGs At this point, the LAGs could be added to VLANs. By default, the system enables link trap notification Page Chapter 7 IP Routing Services Port Routing Port Routing Configuration Page VLAN Routing VLAN Routing Configuration Page VLAN Routing RIP Configuration Page IP Routing Services 7-9 Example of configuring VLAN Routing with RIP support on a 7000 Series Managed Switch VLAN Routing OSPF Configuration IP Routing Services 7-11 Example of configuring OSPF on a 7000 Series Managed Switch acting as an inter-area router: Routing Information Protocol RIP Configuration Page Page OSPF Page Page Page Page NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2 7-20 IP Routing Services The following example configures OSPF on a 7000 Series Managed Switch operating as a border router: Proxy Address Resolution Protocol (ARP) Overview 7-22 IP Routing Services Example #2: ip proxy-arp Chapter 8 Virtual Router Redundancy Protocol Page Virtual Router Redundancy Protocol 8-3 Example #1: Configure VRRP on a Master Router 8-4 Virtual Router Redundancy Protocol Example #2: Configure VRRP on a Backup Router Chapter 9 Access Control Lists (ACLs) Limitations MAC ACLs Configuring IP ACLs Process IP ACL Examples Example #1: Set up an IP ACL with Two Rules Example #2: Configure a One-Way Access Using a TCP Flag in an ACL Access Control Lists (ACLs) 9-5 To use the CLI to configure the GSM7248R, enter the following CLI commands: 9-6 Access Control Lists (ACLs) Access Control Lists (ACLs) 9-7 To use the CLI to Configure the GSM7352S, enter the following CLI commands: Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Example #3: Configure Isolated VLANs on a Layer 3 switch by Using ACLs Page Access Control Lists (ACLs) 9-25 Page Page Page Page Page Page Page Page Page Page Page Page MAC ACL CLI Examples The following are examples of the commands used for the MAC ACLs feature. Example #1: mac access list Access Control Lists (ACLs) 9-39 Example #2: permit any Example #3 Configure mac access-group Example #4 permit Example #5: show mac access-lists Chapter 10 Class of Service (CoS) Queuing CoS Queue Mapping Trusted Ports Untrusted Ports CoS Queue Configuration Port Egress Queue Configuration Drop Precedence Configuration (per Queue) Per-Interface Basis 10-4 Class of Service (CoS) Queuing Example #1: show classofservice trust Example #2: set classofservice trust mode Class of Service (CoS) Queuing 10-5 Example #3: show classofservice ip-precedence mapping Example #4: Config Cos-queue Min-bandwidth and Strict Priority Scheduler Mode Example #5: Set CoS Trust Mode of an Interface Traffic Shaping CLI Example Example #1 traffic-shape Page Chapter 11 Differentiated Services Page Differentiated Services 11-3 The following example configures DiffServ on a 7000 Series Managed Switch: 11-4 Differentiated Services DiffServ for VoIP Configuration Example Page 11-6 Differentiated Services The following example configures DiffServ VoIP support: Chapter 12 IGMP Snooping Example #1: Enable IGMP Snooping 12-2 IGMP Snooping Example #2: show igmpsnooping Example #3: show mac-address-table igmpsnooping Chapter 13 Port Security Operation Port Security 13-3 The following are examples of the commands used in the Port Security feature. Example #1: show port security Example #2: show port security on a specific interface Example #3: (Config) port security Page Chapter 14 Traceroute 14-2 Traceroute Chapter 15 Configuration Scripting Considerations 15-2 Configuration Scripting Example #1: script Example #2: script list and script delete Example #3: script apply running-config.scr Configuration Scripting 15-3 Example #4: Creating a Configuration Script Example #5: Upload a Configuration Script Page Chapter 16 Outbound Telnet 16-2 Outbound Telnet Example #1: show network Example #2: show telnet Outbound Telnet 16-3 Example #3: transport output telnet Example #4: session-limit and session-timeout Page Chapter 17 Port Mirroring 17-2 Port Mirroring Example #1: show monitor session Example #2: show port all Use this command for a specific port. The output shows whether the port is the mirror or the probe Example #3: show port interface Note: Monitor session ID 1 - 1 is a hardware limitation. Example #4: (Config) monitor session 1 mode To set up port mirroring, specify the monitor session, then the mode. 17-4 Port Mirroring Example #5: (Config) monitor session 1 source interface Specify the source (mirrored) ports and destination (probe) port. Example #6: (Interface) port security Chapter 18 Simple Network Time Protocol (SNTP) Example #1: show sntp 18-2 Simple Network Time Protocol (SNTP) Example #2: show sntp client Example #3: show sntp server Example #4: Configure SNTP Page Example #5: Setting Time Zone Example #6: Setting Named SNTP Server Chapter 19 Syslog Persistent Log Files Interpreting Log Files DEF GH I C Syslog 19-3 Example #1: show logging Example #2: show logging buffered 19-4 Syslog Example #3: show logging traplogs Example #4: show logging hosts Syslog 19-5 Example #5: logging port configuration Page Chapter 20 Managing Switch Stacks Understanding Switch Stacks Switch Stack Membership Switch Stack Cabling (FSM73xxS) Stack Master Election and Re-Election Stack Member Numbers Stack Member Priority Values Switch Stack Offline Configuration Effects of Replacing a Preconfigured Switch in a Switch Stack Effects of Removing a Preconfigured Switch from a Switch Stack Switch Stack Software Compatibility Recommendations Incompatible Software and Stack Member Image Upgrades Switch Stack Configuration Files Switch Stack Management Connectivity Connectivity to the Switch Stack Through Console Ports Connectivity to the Switch Stack Through Telnet Switch Stack Configuration Scenarios Page Stacking Recommendations General Practices Initial installation and Power-up of a Stack Removing a Unit from the Stack Adding a Unit to an Operating Stack Replacing a Stack Member with a New Unit Renumbering Stack Members Moving a Master to a Different Unit in the Stack Removing a Master Unit from an Operating Stack Merging Two Operational Stacks Preconfiguration Upgrading Firmware Migration of Configuration With a Firmware Upgrade Code Mismatch Page Chapter 21 Pre-Login Banner Example 1#: Create a Pre-Login Banner 2. Transfer the file from the PC to the switch using TFTP Note: The no clibanner command removes the banner from the switch. Chapter 22 IGMP Querier Example #1: Enable IGMP Querier Example #2: Show IGMP Querier Status Chapter 23 DNS Examples Example 1#: Specify Two DNS Servers Page Example 2#: Manually Add a Host Name and an IP Address Page Chapter 24 DHCP Server Examples Example 1#: Configure DHCP Server in Dynamic Mode Page Page Example #2: Configure a DHCP Server in Manual Mode Page Page Chapter 25 Protected Ports Example #1: Configure a Protected Port to Isolate Ports on the Switch 25-2 Protected Ports Figure 25-1 Protected Ports 25-3 Page Page Page Page Page Chapter 26 802.1x Port Security Example 1#: Enable 802.1x Authentication on One Port in a VLAN 26-2 802.1x Port Security Figure 26-1 Page Page Page Page Page Page Chapter 27 Double VLANs Example 1#: Enable a Double VLAN on a VLAN To use the CLI to enable a double VLAN on a VLAN, enter the following CLI commands: Page Page Page Page Index-1 Index Numerics A C Index-2 D E G I L Q R S T U