NETGEAR 7000 Series Managed Switch User Manual

NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2

Access Control Lists (ACLs)

v1.0, May 2008

Example #2: Configure a One-Way Access Using a TCP Flag in an ACL

This example shows how to set up one-way web access using a TCP flag in an ACL.

PC1 can access FTP server1 and FTP server2, but PC2 can only access FTP server2.

Create ACL 101. Define the first rule: the ACL will permit packets with a match on the specified source IP address (after the mask has been applied), that are carrying TCP traffic, and that are sent to the specified destination IP address.

(Netgear Switch) #config

(Netgear Switch) (Config)#access-list 101 permit tcp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255

Define the second rule for ACL 101. Define the rule to set similar conditions for UDP traffic as for TCP traffic.

(Netgear Switch) (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255

Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted.

(Netgear Switch) (Config)#interface 1/0/2

(Netgear Switch) (Interface 1/0/2)#ip access-group 101 in

(Netgear Switch) (Interface 1/0/2)#exit

(Netgear Switch) (Config)#exit

Figure 9-2