NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2
9-6 Access Control Lists (ACLs)
v1.0, May 2008
Create VLAN 200 with port 0/44 and assign IP address 192.168.200.1/24.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 200
(Netgear Switch) (Vlan)#vlan routing 200
(Netgear Switch) (Vlan)#exit
(Netgear Switch) #configure
(Netgear Switch) (Config)#interface 0/44
(Netgear Switch) (Interface 0/44)#vlan pvid 200
(Netgear Switch) (Interface 0/44)#vlan participation include 200
(Netgear Switch) (Interface 0/44)#exit
(Netgear Switch) (Config)#interface vlan 200
(Netgear Switch) (Interface-vlan 200)#routing
(Netgear Switch) (Interface-vlan 200)#ip address 192.168.200.1 255.255.255.0
(Netgear Switch) (Interface-vlan 200)#exit
Add two static routes so that the switch forwards the packets for which the
destinations are 192.168.40.0/24 and 192.168.50.0/24 to the correct next hops.
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#ip route 192.168.40.0 255.255.255.0 192.168.200.2
(Netgear Switch) (Config)#ip route 192.168.50.0 255.255.255.0 192.168.200.2
Create an ACL that denies all the packets with TCP flags +syn-ack.
(Netgear Switch) (Config)#access-list 101 deny tcp any any flag +syn -ack
Create an ACL that permits all the IP packets.
(Netgear Switch) (Config)#access-list 102 permit ip any any
Apply the ACL 101 and 102 to the port 0/44; the sequence of 101 is 1 and
of 102 is 2.
(Netgear Switch) (Config)#interface 0/44
(Netgear Switch) (Interface 0/44)#ip access-group 101 in 1
(Netgear Switch) (Interface 0/44)#ip access-group 102 in 2
(Netgear Switch) (Interface 0/44)#exit