Applying a Layer-4 Bridging ACL to a Port; Notes – Riverstone Networks WICT1-12 User Manual


Riverstone Networks RS Switch Router User Guide Release 8.0 25-15

Security Configuration

Layer-4 Bridging and Filtering

The following is an example:

    acl 100 permit ip any any smtp
    acl 100 deny ip any any http
    acl 200 permit any any smtp
    acl 200 permit any any http
    acl 200 permit any any ftp

ACL 100 explicitly permits SMTP traffic and denies HTTP traffic. Note that because of the implicit deny rule appended to the end of the ACL, all traffic (not just HTTP traffic) other than SMTP is denied.

ACL 200 explicitly permits SMTP, HTTP, and FTP traffic. The implicit deny rule denies any other traffic. See Section 24.2, "Creating and Modifying ACLs," for more information on defining ACLs.

25.4.5 Applying a Layer-4 Bridging ACL to a Port

Finally, you apply the ACLs to the ports in the VLAN. To do this, enter the following command in Configure mode:

Apply a Layer-4 bridging ACL to a port:

    acl <name> apply port <port-list>

For the example in Figure 25-2, to apply ACL 100 (which denies all traffic except SMTP) to the consultant port:

    rs(config)# acl 100 apply port et.1.1 output

To apply ACL 200 (which denies all traffic except SMTP, HTTP, and FTP) to the engineer port:

    rs(config)# acl 200 apply port et.1.3 output

25.4.6 Notes

Layer-4 Bridging works for IP and IPX traffic only. The RS will drop non-IP/IPX traffic on a Layer-4 Bridging VLAN. For Appletalk and DECnet packets, a warning is issued before the first packet is dropped.
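The implicit deny described for ACL 100 and ACL 200, worked through as an added Python example that is not part of the Riverstone manual. It is a simplified model: it assumes the last token of each rule names the service being matched, ignores addresses and port direction, and all function names are hypothetical.

```python
# Added example, not Riverstone code: a simplified model of first-match ACL
# evaluation with an implicit deny, fed the ACL lines shown on this page.
# Assumption: the last token of a rule names the service a packet belongs to;
# addresses ("any any") and source vs. destination port are not modelled.
PAGE_ACLS = """\
acl 100 permit ip any any smtp
acl 100 deny ip any any http
acl 200 permit any any smtp
acl 200 permit any any http
acl 200 permit any any ftp
"""

def parse_acls(text):
    """Return {acl_name: [(action, service), ...]} in configured order."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "acl" or tok[2] not in ("permit", "deny"):
            continue  # skip non-rule lines such as 'acl 100 apply port ...'
        acls.setdefault(tok[1], []).append((tok[2], tok[-1]))
    return acls

def evaluate(rules, service):
    """First matching rule wins; with no match the implicit deny applies."""
    for index, (action, rule_service) in enumerate(rules):
        if rule_service == service:
            return action, index
    return "deny", None  # None = decided by the implicit deny

def redundant_rules(rules):
    """Rules whose removal changes no verdict for the service they name."""
    found = []
    for i, (action, service) in enumerate(rules):
        without = rules[:i] + rules[i + 1:]
        if evaluate(without, service)[0] == evaluate(rules, service)[0]:
            found.append((i, action, service))
    return found

if __name__ == "__main__":
    acls = parse_acls(PAGE_ACLS)
    for name, rules in acls.items():
        for service in ("smtp", "http", "ftp", "telnet"):  # constructed probes
            action, index = evaluate(rules, service)
            source = "implicit deny" if index is None else f"rule {index + 1}"
            print(f"ACL {name}: {service:6} -> {action:6} ({source})")
        print(f"ACL {name}: redundant rules: {redundant_rules(rules)}")
```

In this model the explicit "deny http" in ACL 100 is reported as redundant, because HTTP would be denied by the implicit deny anyway.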
