Extreme Networks ExtremeWare 7.2e Installation And User Manual page 148

Software version 7.2e
Security
Figure 21: Access control list denies all TCP and UDP traffic
[Figure 21: NET10 VLAN with hosts 10.10.10.1 and 10.10.10.100]
Step 2—Allow TCP traffic.
The next set of access list commands permits TCP-based traffic to flow. Because each session is
bi-directional, an access list must be defined for each direction of the traffic flow. UDP traffic is still
blocked.
The following commands create the access control list:
create access-mask ip_addr_mask ipprotocol dest-ip/32 source-ip/32 ports precedence 20000
create access-list tcp1_2 ip_addr_mask ipprotocol tcp dest-ip 10.10.20.100/32 source-ip 10.10.10.100/32 ports 2 permit qp1
create access-list tcp2_1 ip_addr_mask ipprotocol tcp dest-ip 10.10.10.100/32 source-ip 10.10.20.100/32 ports 10 permit qp1
Figure 22 illustrates the outcome of this access list.
Figure 22: Access list allows TCP traffic
[Figure 22: TCP between 10.10.10.100 and 10.10.20.100 is now permitted in both directions; UDP remains blocked]
Step 3—Permit-Established Access List.
When a TCP session begins, there is a three-way handshake consisting of a SYN, a SYN/ACK, and an ACK
packet. Figure 23 illustrates the handshake that occurs when host A initiates a TCP session to host B.
Only after this sequence completes can actual data be passed.
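As an added illustration (not part of the manual and not ExtremeWare code), the following Python models the access lists on this page as a stateless, precedence-ordered filter and runs the Figure 23 handshake through them. It shows why Step 2 needs one permit per direction (with only tcp1_2 in place, the SYN/ACK from host B is dropped), and previews the idea behind Step 3: a rule that permits return traffic only when it looks established lets A open sessions to B while B cannot open sessions to A. The rule names and addresses are transcribed from the page; the Step 1 deny-all entries, the ordering convention (lower precedence value evaluated first), forward-by-default for unmatched traffic, and the "established" test (ACK or RST flag set, the conventional definition) are assumptions of this model. The ingress-port qualifier (ports 2 / ports 10) is not modelled.

```python
"""Toy model of the ExtremeWare ACL steps on this page (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                                  # "tcp", "udp" or "icmp"
    flags: FrozenSet[str] = frozenset()         # TCP flags present, e.g. {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                 # "permit" or "deny"
    precedence: int                             # ASSUMPTION: lower value is evaluated first
    proto: Optional[str] = None                 # None matches any IP protocol
    src: Optional[str] = None                   # CIDR; None matches any source
    dst: Optional[str] = None                   # CIDR; None matches any destination
    established: bool = False                   # ASSUMPTION: match only TCP with ACK or RST set

    def matches(self, pkt: Packet) -> bool:
        if self.proto and pkt.proto != self.proto:
            return False
        if self.src and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.established and not (pkt.flags & {"ACK", "RST"}):
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule in precedence order decides; unmatched traffic is
    forwarded (ASSUMPTION, consistent with ICMP not being blocked in Figure 21)."""
    for rule in sorted(rules, key=lambda r: r.precedence):
        if rule.matches(pkt):
            return rule.action, rule.name
    return "permit", "no-match"


# Step 1 (constructed; the page only shows its outcome in Figure 21): deny all TCP and UDP.
STEP1 = [
    Rule("deny_tcp", "deny", 25000, proto="tcp"),
    Rule("deny_udp", "deny", 25000, proto="udp"),
]

# Step 2, transcribed from the page: one permit per direction of the TCP session.
STEP2 = [
    Rule("tcp1_2", "permit", 20000, proto="tcp", src="10.10.10.100/32", dst="10.10.20.100/32"),
    Rule("tcp2_1", "permit", 20000, proto="tcp", src="10.10.20.100/32", dst="10.10.10.100/32"),
]

# Step 3 preview (hypothetical rule, not the page's commands): the return direction
# is permitted only for packets that belong to an already-started session.
STEP3 = [
    STEP2[0],
    Rule("tcp2_1_est", "permit", 20000, proto="tcp",
         src="10.10.20.100/32", dst="10.10.10.100/32", established=True),
]


def handshake(a: str, b: str) -> List[Packet]:
    """Constructed three-way handshake of Figure 23: host a initiates a session to host b."""
    return [
        Packet(a, b, "tcp", frozenset({"SYN"})),
        Packet(b, a, "tcp", frozenset({"SYN", "ACK"})),
        Packet(a, b, "tcp", frozenset({"ACK"})),
    ]


def session_outcome(rules: List[Rule], a: str, b: str) -> List[str]:
    """Per-packet decision for the handshake from a to b."""
    return [evaluate(rules, p)[0] for p in handshake(a, b)]


def demo() -> dict:
    a, b = "10.10.10.100", "10.10.20.100"     # hosts from Figures 21 and 22
    return {
        "step1": session_outcome(STEP1, a, b),
        "step2": session_outcome(STEP1 + STEP2, a, b),
        "step2_one_direction_only": session_outcome(STEP1 + STEP2[:1], a, b),
        "udp_after_step2": evaluate(STEP1 + STEP2, Packet(a, b, "udp"))[0],
        "icmp": evaluate(STEP1 + STEP2, Packet(a, b, "icmp"))[0],
        "step3_a_to_b": session_outcome(STEP1 + STEP3, a, b),
        "step3_b_to_a": session_outcome(STEP1 + STEP3, b, a),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:26} {result}")
```

With only tcp1_2 applied, the trace reads permit, deny, permit: the SYN and the final ACK from host A pass, but host B's SYN/ACK is caught by the Step 1 deny, which is exactly why the page defines a second list for the reverse direction. With the established-style return rule, a handshake initiated by host B is stopped at its first SYN.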
[Figure residue from Figures 21 and 22: NET20 VLAN with hosts 10.10.20.1 and 10.10.20.100; legend entries TCP, UDP, ICMP]