
Foundry Networks Switch and Router User Manual

Foundry Switch and Router Installation and Configuration Guide
C - 10 December 2000
Scope
You configure IP access policies globally, then apply them to individual ports. When you apply an IP policy to a
port, you specify whether the policy applies to inbound or outbound packets. You can use the same policy in a
port's inbound policy group and outbound policy group. When you configure a policy group, you must add all the
policies to the group at one time. You cannot edit policy groups later. To change a policy group, you must delete
the group and then add a new group.
Policies within the group are applied in positional order from left to right. Make sure you specify the filters in the
order you want the device to apply them.
Syntax
Use the following CLI commands or Web management interface panels to configure IP access policies.
Defining IP Access Policies
You can enhance network security by configuring IP access policies to explicitly permit or deny IP packets based
on IP protocol, IP source and destination, IP protocol port, and even TCP or UDP application port.
NOTE: The device permits all IP packets by default. However, once you configure an IP access policy, the
device denies all IP packets by default unless you explicitly permit them. Thus, if you want the device to permit all
IP packets except the ones you filter out, you must configure the last IP access policy to permit all IP packets. If a
packet does not match other filters (and thus is not denied), the packet matches the last filter and is permitted.
You can filter on the following IP protocols:
ICMP
IGMP
IGRP
OSPF
TCP
UDP
In addition, if you filter on TCP or UDP, you also can specify a particular application port (such as HTTP or 80)
or a logical expression consisting of an operator and port names or numbers. See the syntax descriptions below
for details.
Table C.6: IP Access Policies

Foundry Product: NetIron Internet Backbone router, BigIron, FastIron II, TurboIron/8
CLI syntax:
    BigIron(config)# ip access-policy <policy-num>
        permit | deny <ip-addr> <ip-mask> | any
        <ip-addr> <ip-mask> | any tcp | udp
        [<operator> [<tcp/udp-port-num>]] [log]
    BigIron(config-if-1/1)# ip access-policy-group in | out <policy-list>
Web management links: Configure->IP->Access Policy

Foundry Product: NetIron
CLI syntax:
    NetIron(config)# ip access-policy <policy-num>
        permit | deny <ip-addr> <ip-mask> | any
        <ip-addr> <ip-mask> | any tcp | udp
        [<operator> [<tcp/udp-port-num>]] [log]
    NetIron(config-if-1)# ip access-policy-group in | out <policy-list>
Web management links: Configure->IP->Access Policy
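
The evaluation rules described above (positional order within a policy group, and the default deny that takes effect once any policy is configured) are modelled below in Python as an added example; it is not Foundry code and not part of the manual. It assumes subnet-style masks, that the first address pair is the source and the second the destination, and an exact-port match in place of the operator expressions; all addresses and policy numbers are constructed.

```python
# Added illustration, not Foundry code. Assumptions: masks are subnet-style
# (255.255.255.0) and the port operator is reduced to an exact-port match.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

ANY = ("0.0.0.0", "0.0.0.0")  # stands in for the "any" keyword

@dataclass(frozen=True)
class Policy:
    action: str                  # "permit" or "deny"
    src: tuple                   # (ip-addr, ip-mask) or ANY
    dst: tuple
    proto: Optional[str] = None  # None matches every IP protocol
    port: Optional[int] = None   # None matches every TCP/UDP port

    def matches(self, src, dst, proto, port):
        return (in_net(src, self.src) and in_net(dst, self.dst)
                and self.proto in (None, proto) and self.port in (None, port))

def in_net(addr, net):
    ip, mask = int(ip_address(net[0])), int(ip_address(net[1]))
    return int(ip_address(addr)) & mask == ip & mask

def evaluate(policies, group, src, dst, proto, port=None):
    """Return "permit" or "deny" for one packet against a policy group."""
    if not policies:             # no policy configured: device permits all
        return "permit"
    for num in group:            # positional order, left to right
        if policies[num].matches(src, dst, proto, port):
            return policies[num].action
    return "deny"                # default deny once any policy exists

# Constructed sample policies using documentation address ranges.
POLICIES = {
    1: Policy("deny", ("192.0.2.0", "255.255.255.0"), ANY, "tcp", 80),
    2: Policy("permit", ANY, ANY),   # the closing "permit all" policy
}

def demo():
    web = ("192.0.2.10", "198.51.100.5", "tcp", 80)
    dns = ("203.0.113.7", "198.51.100.5", "udp", 53)
    return {
        "dns, no policies": evaluate({}, [], *dns),
        "dns, group 1": evaluate(POLICIES, [1], *dns),
        "dns, group 1 2": evaluate(POLICIES, [1, 2], *dns),
        "web, group 1 2": evaluate(POLICIES, [1, 2], *web),
        "web, group 2 1": evaluate(POLICIES, [2, 1], *web),
    }
```

Calling `demo()` shows that a group holding only the deny policy also drops the unrelated DNS packet, and that listing the permit-all policy first makes the deny policy unreachable.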
