EasyManuals Logo

Foundry Networks Switch and Router User Manual

Default Icon
1070 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1013 background imageLoading...
Page #1013 background image
Policies and Filters
December 2000 C - 9
IP Access Policies
IP access policies are rules that determine whether the device forwards or drops IP packets. You create an IP
access policy by defining an IP filter, then applying it to an interface. The filter consists of source and destination
IP information and the action to take when a packet matches the values in the filter. You can configure an IP filter
to permit (forward) or deny (drop) the packet.
You also can configure Layer 4 information in an IP filter. If you configure Layer 4 information, you are configuring
a Layer 4 policy. See TCP/UDP Access Policies on page C-20.
You can apply an IP filter to inbound or outbound packets. When you apply the filter to an interface, you specify
whether the filter applies to inbound packets or outbound packets. Thus, you can use the same filter on multiple
interfaces and specify the filter direction independently on each interface.
Figure C.1 shows an example of an inbound IP access policy group applied to port 1 on slot 1 of a BigIron Layer 3
Switch. In this example, packets enter the port from left to right. The first three packets have entered the port and
have been permitted or denied. The two packets on the left have not yet entered the port. When they do, they will
be permitted. Since the last policy in the group is a permit any policy, all packets that do not match another
policy are permitted. The permit any policy changes the default action to permit.
Figure C.1 IP access policies in inbound policy group for a port
Actions
IP access policies either forward or drop IP packets based on the IP source and IP destination addresses. You
also can configure the policy to forward or drop a packet based on TCP/UDP port information. In this case, you
are configuring a TCP/UDP access policy. See TCP/UDP Access Policies on page C-20.
Inbound IP Access Policy Group for Port 1/1
PolicyID Action Source Destination
--------------------------------------------------------------------------------
3 Deny 209.157.22.26/32 any
17 Deny 209.157.22.14/32 any
34 Deny 209.157.22.69/32 201.21.2.7/32
1024 Permit any any
Permitted
Source:
209.157.22.69/24
Dest:
211.44.29.67/24
Source:
209.157.22.26/24
Dest:
201.21.2.7/24
Source:
209.157.22.128/24
Dest:
209.184.66.128/24
Source:
209.157.22.69/24
Dest:
209.211.44.128/24
Source:
209.157.22.11/24
Dest:
209.241.12.66/24
Permitted
Bit
Bucket
Denied

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Foundry Networks Switch and Router and is the answer not in the manual?

Foundry Networks Switch and Router Specifications

General IconGeneral
BrandFoundry Networks
ModelSwitch and Router
CategorySwitch
LanguageEnglish

Related product manuals