
Riverstone Networks RS Switch Router User Guide Release 8.0 24-9

Access Control List Configuration

Using ACLs

24.3.2 Applying ACLs to Services

ACLs can also be created to permit or deny access to system services provided by the RS; for example, HTTP or Telnet
servers. This type of ACL is known as a Service ACL. By definition, a Service ACL is for controlling inbound packets
to a service on specific interfaces on the router. For example, on a particular interface, you can grant Telnet server
access from a few specific hosts or deny Web server access from a particular subnet. It is true that you can do the same
thing with ordinary ACLs and apply them to specific interfaces. However, the Service ACL is created specifically to
control access to some of the services on specified interfaces of the RS. As a result, only inbound traffic to the RS is
checked.

Note: If a service does not have an ACL applied, that service is accessible to everyone. To control access to a service, an ACL must be used.

To apply an ACL to a service, enter the following command in Configure mode:

24.3.3 Applying ACLs to Layer-4 Bridging Ports

ACLs can also be created to permit or deny access to one or more ports operating in Layer-4 bridging mode. Traffic
that is switched at Layer 2 through the RS can have ACLs applied on the Layer 3/4 information contained in the packet.
The ACLs that are applied to Layer-4 Bridging ports are only used with bridged traffic. The ACLs that are applied to
the interface are still used for routed traffic.

Like ACLs that are applied to interfaces, ACLs that are applied to Layer-4 bridging ports can be applied to either
inbound or outbound traffic. For each port, only one ACL can be applied for the inbound direction and one for the
outbound direction. You can therefore apply two ACLs to the same port only if one is for inbound traffic and the other
is for outbound traffic.

To apply an ACL to a port, enter the following command in Configure Mode:

See Section 25.4, "Layer-4 Bridging and Filtering," for information on configuring Layer-4 Bridging on the RS.

Apply ACL to a service.                     acl <name> apply service <service name> [logging [on|off]]

Apply a Layer-4 bridging ACL to a port.     acl <name> apply port <port-list>
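As an added example (not code from the Riverstone guide), the following Python model captures the rules these two sections describe: a service with no ACL applied is open to everyone, bridged traffic is checked by the Layer-4 bridging port ACL while routed traffic is still checked by the interface ACL, and each port takes one ACL per direction. The ACL names, port and interface names, the source-address-only rule format and the implicit-deny behaviour are assumptions made for the model, not RS behaviour stated on this page.

```python
import ipaddress

# Constructed model (not the RS implementation) of how ACLs applied to services,
# Layer-4 bridging ports and interfaces are selected and evaluated.

class Acl:
    """Ordered permit/deny rules matched on source address; first match wins.
    Assumption: a packet that matches no rule is denied."""
    def __init__(self, name, rules):
        self.name = name
        self.rules = [(action, ipaddress.ip_network(net)) for action, net in rules]

    def permits(self, src):
        src = ipaddress.ip_address(src)
        for action, net in self.rules:
            if src in net:
                return action == "permit"
        return False

class RsAclConfig:
    def __init__(self):
        self.acls = {}
        self.service_acls = {}     # service name -> ACL name
        self.port_acls = {}        # (port, direction) -> ACL name
        self.interface_acls = {}   # (interface, direction) -> ACL name

    def define(self, acl):
        self.acls[acl.name] = acl

    def apply_service(self, acl_name, service):
        # acl <name> apply service <service name>
        self.service_acls[service] = self.acls[acl_name].name

    def apply_port(self, acl_name, port, direction):
        # acl <name> apply port <port-list>: one ACL per port per direction.
        # Assumption: a second ACL for the same direction is rejected, not replaced.
        if (port, direction) in self.port_acls:
            raise ValueError(f"{port} already has an {direction} ACL")
        self.port_acls[(port, direction)] = self.acls[acl_name].name

    def apply_interface(self, acl_name, interface, direction):
        self.interface_acls[(interface, direction)] = self.acls[acl_name].name

    def service_allowed(self, service, src):
        # No Service ACL applied: the service is reachable by everyone (see Note).
        name = self.service_acls.get(service)
        return True if name is None else self.acls[name].permits(src)

    def select_acl(self, port, interface, direction, bridged):
        # Bridged traffic is checked by the Layer-4 bridging port ACL;
        # routed traffic is still checked by the interface ACL.
        key = (port, direction) if bridged else (interface, direction)
        return (self.port_acls if bridged else self.interface_acls).get(key)

    def open_services(self, services):
        # Audit helper: every service without an ACL is exposed to everyone.
        return [s for s in services if s not in self.service_acls]
```

The `open_services` check is the practical takeaway of the Note: run it over the list of services the RS offers before exposing a management interface.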
