ACLs
213
Managed Switches
The following examples show how to configure a management ACL.
Example 1: Permit Any Host to Access the Switch Through
Telnet or HTTP:
Permit any host to access the managed VLAN IP address of 169.254.100.100 through a
Telnet or HTTP connection:
Example 2: Permit a Specific Host to Access the Switch
Through SSH Only
Permit a specific host access the switch over an SSH connection only.
Configure IPv6 ACLs
This feature extends the existing IPv4 ACL by providing support for IPv6 packet
classification. Each ACL is a set of up to 12 rules applied to inbound traffic. Each rule
specifies whether the contents of a given field should be used to permit or deny access to the
network, and can apply to one or more of the following fields within a packet:
• Source IPv6 prefix
• Destination IPv6 prefix
• Protocol number
• Source Layer 4 port
• Destination Layer 4 port
• DSCP value
• Flow label
(Netgear Switch) (Config)#ip access-list acl_for_cpu
(Netgear Switch) (Config-ipv4-acl)#permit tcp any 169.254.100.100 0.0.0.0 eq telnet
(Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq http
(Netgear Switch) (Config-ipv4-acl)#permit tcp any 169.254.100.100 0.0.0.0 eq http
(Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq http
(Netgear Switch) (Config-ipv4-acl)#deny every
(Netgear Switch) (Config-ipv4-acl)#exit
(Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane
(Netgear Switch) (Config)#ip access-list acl_for_cpu
(Netgear Switch) (Config-ipv4-acl)#permit tcp 10.100.5.13 0.0.0.0 any eq ssh
(Netgear Switch) (Config-ipv4-acl)#deny tcp any any eq ssh
(Netgear Switch) (Config-ipv4-acl)#permit every
(Netgear Switch) (Config-ipv4-acl)#exit
(Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane
To Next Page
Loading...
