ProSafe M4100 and M7100 Managed Switches

4. Apply the ACL to one or more interfaces.

Set Up an IP ACL with Two Rules

This section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will be accepted by the M4100 and M7100 Managed Switch only if the source and destination stations have IP addresses within the defined sets.

[Figure 16 labels: Layer 3 switch (port 1/0/2, ACL 1); Layer 2 switch with hosts 192.168.77.1, 192.168.77.4, 192.168.77.9, 192.168.77.2; "TCP packet to 192.178.77.3 accepted. Dest. IP in range."; "TCP packet to 192.178.88.3 rejected. Dest. IP not in range."]

Figure 16. IP ACL with rules for TCP traffic and UDP traffic

CLI: Set Up an IP ACL with Two Rules

The following is an example of configuring ACL support on a 7000 Series Managed Switch.

Create ACL 101. Define the first rule: The ACL will permit packets that match the specified source IP address (after the mask has been applied), that are carrying TCP traffic, and that are sent to the specified destination IP address.

1. Enter these commands:

(Netgear Switch) #config

(Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255
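How the wildcard masks in the rule above decide the two packets in Figure 16, as an added Python example that is not part of the manual or the switch firmware. It assumes first-match evaluation with an implicit deny at the end of the ACL; the UDP rule line is constructed from the statement that both rules have the same content, and the test packets are constructed from the figure's addresses.

```python
import ipaddress

# Rule 1 is the command shown above. Rule 2 is constructed here (assumption)
# from the statement that the UDP rule has the same content as the TCP rule.
ACL_101 = [
    "access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255",
    "access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255",
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_rule(line):
    """Parse 'access-list <id> <action> <proto> <src> <wild> <dst> <wild>'."""
    fields = line.split()
    if len(fields) != 8 or fields[0] != "access-list":
        raise ValueError(f"unsupported rule form: {line!r}")
    _, acl_id, action, proto, src, src_wild, dst, dst_wild = fields
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    return {"acl": int(acl_id), "action": action, "proto": proto,
            "src": to_int(src), "src_wild": to_int(src_wild),
            "dst": to_int(dst), "dst_wild": to_int(dst_wild)}

def wildcard_match(addr, base, wildcard):
    # A 1 bit in the wildcard mask means "ignore this bit"; a 0 bit must match.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(rules, proto, src, dst):
    """Return the action of the first matching rule, else the implicit deny."""
    for r in rules:
        if (r["proto"] == proto
                and wildcard_match(to_int(src), r["src"], r["src_wild"])
                and wildcard_match(to_int(dst), r["dst"], r["dst_wild"])):
            return r["action"]
    return "deny"  # no rule matched

RULES = [parse_rule(line) for line in ACL_101]

if __name__ == "__main__":
    # Constructed packets using the addresses shown in Figure 16.
    for proto, src, dst in [("tcp", "192.168.77.1", "192.178.77.3"),
                            ("tcp", "192.168.77.1", "192.178.88.3"),
                            ("udp", "192.168.77.9", "192.178.77.3"),
                            ("icmp", "192.168.77.1", "192.178.77.3")]:
        print(f"{proto:4} {src} -> {dst}: {evaluate(RULES, proto, src, dst)}")
```

Because the wildcard 0.0.0.255 ignores only the last octet, a destination in 192.178.88.x differs in a bit that must match and falls through to the deny.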

138 Chapter 10. ACLs
