Configuring vlan-based filtering – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

Chapter 7: Filtering

n

175

212777-A, February 2002

Configuring VLAN-based Filtering

1.

Configure filter 2 to allow local clients to browse the Web and then assign VLAN 20 to
the filter.

The filter must recognize and allow TCP traffic from VLAN 20 to reach the local client destina-
tion IP addresses if originating from any HTTP source port:

All clients from other VLANs will be ignored.

2.

Configure filter 3 to allow local clients to Telnet anywhere outside the local intranet and
then assign VLAN 30 to the filter.

The filter must recognize and allow TCP traffic to reach the local client destination IP
addresses if originating from a Telnet source port:

>> # /cfg/slb/filt 2

(Select the menu for Filter 2)

>> Filter 2# sip any

(From any source IP address)

>> Filter 2# dip 205.177.15.0

(To base local network dest. address)

>> Filter 2# dmask 255.255.255.0

(For entire subnet range)

>> Filter 2# proto tcp

(For TCP protocol traffic)

>> Filter 2# sport http

(From any source HTTP port)

>> Filter 2# dport any

(To any destination port)

>> Filter 2# action allow

(Allow matching traffic to pass)

>> Filter 2# vlan 20

(Assign VLAN 20 to Filter 2)

>> Filter 2# ena

(Enable the filter)

>> # /cfg/slb/filt 3

(Select the menu for Filter 3)

>> Filter 3# sip any

(From any source IP address)

>> Filter 3# dip 205.177.15.0

(To base local network dest. address)

>> Filter 3# dmask 255.255.255.0

(For entire subnet range)

>> Filter 3# proto tcp

(For TCP protocol traffic)

>> Filter 3# sport telnet

(From a Telnet port)

>> Filter 3# dport any

(To any destination port)

>> Filter 3# action allow

(Allow matching traffic to pass)

>> Filter 3# name allow clients to telnet

(Provide a descriptive name for the

filter)

>> Filter 3# vlan 30

(Assign VLAN 30 to Filter 3)

>> Filter 3# ena

(Enable the filter)