INTER-TEL® AXXESS® MANUAL VERSION 11.0 – May 2008
Appendix F – Network Topology (Page F-33)
Non-NATed DMZ Configuration
16.11 The following commands define the VLANs within the switch. This is necessary to
route and firewall traffic between the LAN and the DMZ.
vlan 1
name "Default"
vlan 2
name "DMZ"
!
16.12 The following commands set up the Ethernet switch ports for specific VLANs. In this
example, the first two ports are associated with the DMZ VLAN.
interface eth 0/1
no shutdown
switchport access vlan 2
!
interface eth 0/2
no shutdown
switchport access vlan 2
!
Set up some of the ports in the default VLAN. This example shows two ports.
interface eth 0/3
no shutdown
switchport access vlan 1
!
interface eth 0/4
no shutdown
switchport access vlan 1
!
! and so on...
16.13 Each VLAN acts as a port on the router with its own IP address. Access policies
are applied to each interface. The access policies are defined further below.
interface vlan 1
ip address 192.168.1.1 255.255.255.0
access-policy Private
no shutdown
interface vlan 2
ip address 208.132.23.64 255.255.255.192
no shutdown
!
• In this example, the connection to the Internet is a T1. Set up the IP address and
apply the access policy (defined further below).
interface t1 1/1
clock source line
tdm-group 1 timeslots 1-24 speed 64
ip address 208.13.17.33 255.255.255.252
access-policy Public
no shutdown
• The following commands define access lists for the different traffic types. Defining the
lists does not have any effect until they are applied to the interfaces.
ip access-list extended web
permit ip any any
ip access-list extended Voice
permit udp any host 208.132.23.66 range 5004 5069 log
ip access-list extended ITP
permit tcp any host 208.132.23.66 eq 5566 log
permit udp any host 208.132.23.66 eq 5567 log
ip access-list extended InterTelNetworking
permit tcp any host 208.132.23.66 eq 5570 log
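An added example, not part of the Inter-Tel manual: a short Python review aid that reads the interface and access-list commands shown above and reports routed interfaces that carry an IP address but no access-policy line, and access lists that contain a permit-all-IP entry. The function names parse and audit are hypothetical; the access policies that reference these lists are defined on a later page, so each reported item is a prompt to check the full configuration.

```python
# Lines copied from this page; the T1 clocking and tdm-group lines are omitted.
CONFIG = """\
interface vlan 1
ip address 192.168.1.1 255.255.255.0
access-policy Private
no shutdown
interface vlan 2
ip address 208.132.23.64 255.255.255.192
no shutdown
!
interface t1 1/1
ip address 208.13.17.33 255.255.255.252
access-policy Public
no shutdown
ip access-list extended web
permit ip any any
ip access-list extended Voice
permit udp any host 208.132.23.66 range 5004 5069 log
ip access-list extended ITP
permit tcp any host 208.132.23.66 eq 5566 log
permit udp any host 208.132.23.66 eq 5567 log
ip access-list extended InterTelNetworking
permit tcp any host 208.132.23.66 eq 5570 log
"""

def parse(text):
    """Group lines under their 'interface ...' or 'ip access-list ...' header."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(("interface ", "ip access-list ")):
            current = sections.setdefault(line, [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return sections

def audit(text):
    """Return (routed interfaces with no access-policy, ACLs that permit all IP)."""
    unfiltered, permit_all = [], []
    for header, body in parse(text).items():
        if header.startswith("interface "):
            has_ip = any(b.startswith("ip address ") for b in body)
            if has_ip and not any(b.startswith("access-policy ") for b in body):
                unfiltered.append(header.split(" ", 1)[1])
        elif any(b.startswith("permit ip any any") for b in body):
            permit_all.append(header.split()[-1])
    return unfiltered, permit_all

print(audit(CONFIG))  # (['vlan 2'], ['web'])
```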