Layer-3 access control lists (acls) – Cabletron Systems SmartSwitch User Manual
Page 281
SmartSwitch Router User Reference Manual
281
Chapter 18: Security Configuration Guide
Destination secure port:
To block access to all file servers on all ports from port et.1.1 use
the following command:
To allow all engineers access to the engineering servers, you must "punch" a hole through
the secure-port wall. A "dest static-entry" overrides a "dest secure port".
Layer-3 Access Control Lists (ACLs)
Access Control Lists (ACLs) allow you to restrict Layer-3 traffic going through the SSR.
Each ACL consists of one or more rules describing a particular type of IP or IPX traffic. An
ACL can be simple, consisting of only one rule, or complicated with many rules. Each rule
tells the router to either permit or deny the packet that matches the rule's packet
description.
For information about defining and using ACLs on the SSR, see
Configuration Guide” on page 255
filters add secure-port name engineers direction dest vlan 1
in-port-list et.1.1
filters add static-entry name eng-server dest-mac 080060:abcdef vlan 1
in-port-list et.1.1 out-port-list et.1.2 restriction allow