Amer Networks SS2R48G4i V2 User Manual

SS2R24G4i/SS2R48G4i

140

The configuration steps are listed below

Switch(Config)#access-list 110 deny tcp 10.0.0.0

0.0.0.255 any-destination d-port 21
Switch(Config)#firewall enable
Switch(Config)#firewall default permit

Switch(Config)#interface ethernet 0/0/10
Switch(Config-Ethernet0/0/10)#ip access-group 110 in
Switch(Config-Ethernet0/0/10)#exit
Switch(Config)#exit

Configuration result

Switch#show firewall
Firewall is enabled.
Firewall default rule is to permit any packet.
Switch#show access-lists
access-list 110(used 1 time(s))
access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21

Switch#show access-group interface ethernet 0/0/10
interface name Ethernet0/0/10
the ingress acl use in firewall is 110.

Scenario 2

The user has the following configuration requirement port 1/10 of the switch connects to
00-12-11-23-XX-XX segment, 802.3 is not desired for the user.

Configuration description

a)Create a proper ACL

b)Configuring packet filtering function

c)Bind the ACL to the port

The configuration steps are listed below
Switch(Config)#access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-ff-ff any-destination-mac
untagged-802.3
Switch(Config)#access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-ff-ff any-destination-mac
tagged-802.3
Switch(Config)#firewall enable
Switch(Config)#firewall default permit

Switch(Config)#interface ethernet 0/0/10
Switch(Config-Ethernet0/0/10)#ip access-group 1100 in