Foundry Configuration Guide for the FESX, FSX, and FWSX
12 - 22
© Foundry Networks, Inc.
December 2005
FastIron SuperX Router(config-vlan-10)# router-interface ve 1
FastIron SuperX Router(config-vlan-10)# exit
FastIron SuperX Router(config)# access-list 1 deny host 209.157.22.26 log
FastIron SuperX Router(config)# access-list 1 deny 209.157.29.12 log
FastIron SuperX Router(config)# access-list 1 deny host IPHost1 log
FastIron SuperX Router(config)# access-list 1 permit any
FastIron SuperX Router(config)# interface ve 1
FastIron SuperX Router(config-vif-1)# ip access-group 1 in ethernet 1/1 ethernet 1/3 ethernet 2/1 to 2/4
The commands in this example configure port-based VLAN 10, add ports 1/1 – 2/12 to the VLAN, and add virtual
routing interface 1 to the VLAN. The commands following the VLAN configuration commands configure ACL 1.
Finally, the last two commands apply ACL 1 to a subset of the ports associated with virtual interface 1.
Syntax:
[no] ip access-group <ACL ID> in ethernet <slotnum>/<portnum> [to <slotnum>/<portnum>]
The <ACL ID> parameter is the access list name or number.
The <slotnum> parameter applies on chassis devices only. It does not apply on FESX devices.
Filtering on IP Precedence and ToS Values
To configure an extended IP ACL that matches based on IP precedence, enter commands such as the following:
FESX424 Router(config)# access-list 103 deny tcp 209.157.21.0/24 209.157.22.0/24 precedence internet
FESX424 Router(config)# access-list 103 deny tcp 209.157.21.0/24 eq ftp 209.157.22.0/24 precedence 6
FESX424 Router(config)# access-list 103 permit ip any any
The first entry in this ACL denies TCP traffic from the 209.157.21.x network to the 209.157.22.x network, if the
traffic has the IP precedence option “internet” (equivalent to “6”).
The second entry denies all FTP traffic from the 209.157.21.x network to the 209.157.22.x network, if the traffic
has the IP precedence value “6” (equivalent to “internet”).
The third entry permits all packets that are not explicitly denied by the other entries. Without this entry, the ACL
would deny all incoming or outgoing IP traffic on the ports to which you assign the ACL.
To configure an IP ACL that matches based on ToS, enter commands such as the following:
FESX424 Router(config)# access-list 104 deny tcp 209.157.21.0/24 209.157.22.0/24 tos normal
FESX424 Router(config)# access-list 104 deny tcp 209.157.21.0/24 eq ftp 209.157.22.0/24 tos 13
FESX424 Router(config)# access-list 104 permit ip any any
The first entry in this IP ACL denies TCP traffic from the 209.157.21.x network to the 209.157.22.x network, if the
traffic has the IP ToS option “normal” (equivalent to “0”).
The second entry denies all FTP traffic from the 209.157.21.x network to the 209.157.22.x network, if the traffic
has the IP ToS value “13” (equivalent to “max-throughput”, “min-delay”, and “min-monetary-cost”).
The third entry permits all packets that are not explicitly denied by the other entries. Without this entry, the ACL
would deny all incoming or outgoing IP traffic on the ports to which you assign the ACL.
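The following Python sketch is an added example, not part of the Foundry guide: it models how the entries of ACLs 103 and 104 are checked against a packet's ToS octet, with first-match ordering and the implicit deny described in the text. It assumes exact-value matching on the precedence and ToS fields, treats "eq ftp" after the source address as a source-port match on TCP port 21, and uses hypothetical function names; it is a simplified model, not the device's implementation.

```python
import ipaddress

# Option names for the 3-bit precedence and 4-bit ToS fields (RFC 791 / RFC 1349).
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2, "flash": 3,
              "flash-override": 4, "critical": 5, "internet": 6, "network": 7}
TOS = {"normal": 0, "min-monetary-cost": 1, "max-reliability": 2,
       "max-throughput": 4, "min-delay": 8}

def parse_entry(line):
    """Parse '<action> <proto> <src> [eq <port>] <dst> [precedence|tos <value>]'."""
    tok = line.split()
    entry = {"action": tok[0], "proto": tok[1], "src": tok[2], "match": {}}
    d = 5 if tok[3] == "eq" else 3  # index of the destination token
    if d == 5:  # assumption: 'eq' after the source address means source port
        entry["match"]["sport"] = 21 if tok[4] == "ftp" else int(tok[4])
    entry["dst"] = tok[d]
    for key, val in zip(tok[d + 1::2], tok[d + 2::2]):
        names = PRECEDENCE if key == "precedence" else TOS
        entry["match"][key] = names[val] if val in names else int(val)
    return entry

def decode_tos_byte(byte):  # ToS octet: 3 bits precedence, 4 bits ToS, 1 unused
    return byte >> 5, (byte >> 1) & 0xF

def tos_names(value):  # numeric ToS value -> the option names it combines
    return sorted(n for n, bit in TOS.items() if value & bit) or ["normal"]

def in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(acl, src, dst, sport, tos_byte, proto="tcp"):
    """First matching entry wins; a packet matching no entry is denied."""
    prec, tos = decode_tos_byte(tos_byte)
    fields = {"sport": sport, "precedence": prec, "tos": tos}
    for e in acl:
        if (e["proto"] in ("ip", proto) and in_net(src, e["src"])
                and in_net(dst, e["dst"])
                and all(fields[k] == v for k, v in e["match"].items())):
            return e["action"]
    return "deny"

ACL_103 = [parse_entry(l) for l in (
    "deny tcp 209.157.21.0/24 209.157.22.0/24 precedence internet",
    "deny tcp 209.157.21.0/24 eq ftp 209.157.22.0/24 precedence 6",
    "permit ip any any")]
ACL_104 = [parse_entry(l) for l in (
    "deny tcp 209.157.21.0/24 209.157.22.0/24 tos normal",
    "deny tcp 209.157.21.0/24 eq ftp 209.157.22.0/24 tos 13",
    "permit ip any any")]
```

With the constructed addresses 209.157.21.5 and 209.157.22.9, `evaluate(ACL_104, "209.157.21.5", "209.157.22.9", 21, 13 << 1)` returns `deny`, while the same packet from source port 40000 falls through to the final permit entry. Dropping that last entry, as in `ACL_103[:2]`, makes every unmatched packet hit the implicit deny.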