Name: Foundry Networks Switch and Router
Brand: Foundry Networks
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Foundry Switch and Router Installation and Configuration Guide

C - 10 December 2000

Scope

You configure IP access policies globally, then apply them to individual ports. When you apply an IP policy to a

port, you specify whether the policy applies to inbound or outbound packets. You can use the same policy in a

port’s inbound policy group and outbound policy group. When you configure a policy group, you must add all the

policies to the group at one time. You cannot edit policy groups later. To change a policy group, you must delete

the group and then add a new group.

Policies within the group are applied in positional order from left to right. Make sure you specify the filters in the

order you want the device to apply them.

Syntax

Use the following CLI commands or Web management interface panels to configure IP access policies.

Defining IP Access Policies

You can enhance network security by configuring IP access policies to explicitly permit or deny IP packets based

on IP protocol, IP source and destination, IP protocol port, and even TCP or UDP application port.

NOTE: The device permits all IP packets by default. However, once you configure an IP access policy, the

device denies all IP packets by default unless you explicitly permit them. Thus, if you want the device to permit all

IP packets except the ones you filter out, you must configure the last IP access policy to permit all IP packets. If a

packet does not match other filters (and thus is not denied), the packet matches the last filter and is permitted.

You can filter on the following IP protocols:

• ICMP

• IGMP

• IGRP

• OSPF

• TCP

• UDP

In addition, if you filter on TCP or UDP, you also can specify a particular application port (such as “HTTP” or “80”)

or a logical expression consisting of an operator and port names or numbers. See the syntax descriptions below

for details.

Table C.6: IP Access Policies

Foundry Product CLI syntax Web management links

NetIron Internet

Backbone router,

BigIron, FastIron II,

TurboIron/8

BigIron(config)# ip access-policy <policy-num>

permit | deny <ip-addr> <ip-mask> | any

<ip-addr> <ipmask> | any tcp | udp

[<operator> [<tcp/udp-port-num>]] [log]

BigIron(config-if-1/1)# ip access-policy-group in |

out <policy-list>

Configure->IP->Access Policy

NetIron NetIron(config)# ip access-policy <policy-num>

permit | deny <ip-addr> <ip-mask> | any

<ip-addr> <ip-mask> | any tcp | udp

[<operator> [<tcp/udp-port-num>]] [log]

NetIron(config-if-1)# ip access-policy-group

in | out <policy-list>

Configure->IP->Access Policy

Brand

Foundry Networks

Model

Switch and Router

Foundry Networks Switch and Router User Manual

Table of Contents

Questions and Answers:

Foundry Networks Switch and Router Specifications

Related product manuals