Chapter 10. ACLs | 119
ProSafe 7000 Managed Switch Release 8.0.3
3. Create VLAN 200 with port 0/44 and assign IP address 192.168.200.1/24.
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 200
(Netgear Switch) (Vlan)#vlan routing 200
(Netgear Switch) (Vlan)#exit
(Netgear Switch) #configure
(Netgear Switch) (Config)#interface 0/44
(Netgear Switch) (Interface 0/44)#vlan pvid 200
(Netgear Switch) (Interface 0/44)#vlan participation include 200
(Netgear Switch) (Interface 0/44)#exit
(Netgear Switch) (Config)#interface vlan 200
(Netgear Switch) (Interface-vlan 200)#routing
(Netgear Switch) (Interface-vlan 200)#ip address 192.168.200.1 255.255.255.0
(Netgear Switch) (Interface-vlan 200)#exit
4. Add two static routes so that the switch forwards the packets for which the destinations are
192.168.40.0/24 and 192.168.50.0/24 to the correct next hops.
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#ip route 192.168.40.0 255.255.255.0 192.168.200.2
(Netgear Switch) (Config)#ip route 192.168.50.0 255.255.255.0 192.168.200.2
5. Create an ACL that denies all the packets with TCP flags +syn-ack.
(Netgear Switch) (Config)#access-list 101 deny tcp any flag +syn -ack
6. Create an ACL that permits all the IP packets.
(Netgear Switch) (Config)#access-list 102 permit ip any
7. Apply ACLs 101 and 102 to port 0/44; the sequence of 101 is 1 and of 102 is 2.
Step 2: Configure the GSM7352S
(See Figure 15, One-Way Web access using a TCP flag in an ACL on page 117.)
1. Enter the following commands.
(Netgear Switch) (Config)#interface 0/44
(Netgear Switch) (Interface 0/44)#ip access-group 101 in 1
(Netgear Switch) (Interface 0/44)#ip access-group 102 in 2
(Netgear Switch) (Interface 0/44)#exit
To Next Page
Loading...
