NETGEAR 7000 Series Managed Switch User Manual

NETGEAR 7000 Series Managed Switch Administration Guide Version 7.2

9-6

Access Control Lists (ACLs)

v1.0, May 2008

Create VLAN 200 with port 0/44 and assign IP address 192.168.200.1/24.

(Netgear Switch) #vlan database

(Netgear Switch) (Vlan)#vlan 200

(Netgear Switch) (Vlan)#vlan routing 200

(Netgear Switch) (Vlan)#exit

(Netgear Switch) #configure

(Netgear Switch) (Config)#interface 0/44

(Netgear Switch) (Interface 0/44)#vlan pvid 200

(Netgear Switch) (Interface 0/44)#vlan participation include 200

(Netgear Switch) (Interface 0/44)#exit

(Netgear Switch) (Config)#interface vlan 200

(Netgear Switch) (Interface-vlan 200)#routing

(Netgear Switch) (Interface-vlan 200)#ip address 192.168.200.1 255.255.255.0

(Netgear Switch) (Interface-vlan 200)#exit

Add two static routes so that the switch forwards the packets for which the

destinations are 192.168.40.0/24 and 192.168.50.0/24 to the correct next hops.

(Netgear Switch) (Config)#ip routing

(Netgear Switch) (Config)#ip route 192.168.40.0 255.255.255.0 192.168.200.2

(Netgear Switch) (Config)#ip route 192.168.50.0 255.255.255.0 192.168.200.2

Create an ACL that denies all the packets with TCP flags +syn-ack.

(Netgear Switch) (Config)#access-list 101 deny tcp any any flag +syn -ack

Create an ACL that permits all the IP packets.

(Netgear Switch) (Config)#access-list 102 permit ip any any

Apply the ACL 101 and 102 to the port 0/44; the sequence of 101 is 1 and

of 102 is 2.

(Netgear Switch) (Config)#interface 0/44

(Netgear Switch) (Interface 0/44)#ip access-group 101 in 1

(Netgear Switch) (Interface 0/44)#ip access-group 102 in 2

(Netgear Switch) (Interface 0/44)#exit