Authenticating Users Through A Firewall - Cabletron Systems SmartSwitch Router User's Reference Manual


Chapter 13: IP Policy-Based Forwarding Configuration Guide

The following is the IP policy configuration for the Policy Router in Figure 20:

interface create ip premium-customer address-netmask 10.50.1.1/16 port et.1.1
interface create ip standard-customer address-netmask 11.50.1.1/16 port et.1.2
acl premium-customer permit ip 10.50.0.0/16 any any any 0
acl standard-customer permit ip 11.50.0.0/16 any any any 0
ip-policy p1 permit acl premium-customer next-hop-list "100.1.1.1 100.1.1.2" action policy-first sequence 20
ip-policy apply interface premium-customer
ip-policy p2 permit acl standard-customer next-hop-list 200.1.1.1 action policy-only sequence 30
ip-policy apply interface standard-customer

Authenticating Users through a Firewall

You can define an IP policy that sends packets from certain users through a firewall for
authentication before they access the network. If for some reason the firewall is not
responding, the packets to be authenticated are dropped. Figure 21 illustrates this kind of
configuration.

[Figure 21. Using an IP policy to authenticate users through a firewall. Labels in the
figure: contractors 10.50.1.0/24; full-timers 10.50.2.0/24; Firewall 11.1.1.1; Policy Router;
12.1.1.1; Router; Servers]

Packets from users defined in the "contractors" group are sent through a firewall. If the
firewall cannot be reached, packets from the contractors group are dropped. Packets from
users defined in the "full-timers" group do not have to go through the firewall.
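The fail-closed behaviour described above can be checked with a small model. This is an added example, not configuration or code from the manual; it assumes that "policy-only" drops a packet when the policy next hop is down and that "policy-first" falls back to the routing table, and the WEAK entry and the ROUTED placeholder are hypothetical.

```python
import ipaddress

FIREWALL = "11.1.1.1"  # firewall address from Figure 21

# Constructed model of the Figure 21 policy. Assumed action semantics:
# "policy-only" drops the packet when the policy next hop is down,
# "policy-first" falls back to the normal routing table.
SAFE = [("contractors", "10.50.1.0/24", FIREWALL, "policy-only")]
# Hypothetical misconfiguration: same entry, but with a fallback action.
WEAK = [("contractors", "10.50.1.0/24", FIREWALL, "policy-first")]

ROUTED = "routing-table"  # placeholder for an ordinary routed next hop


def forward(policy, src, alive):
    """Return the next hop chosen for a packet from src, or None if dropped."""
    addr = ipaddress.ip_address(src)
    for _group, prefix, hop, action in policy:
        if addr in ipaddress.ip_network(prefix):
            if hop in alive:
                return hop
            # Policy next hop is down: fail closed or fall back, per action.
            return None if action == "policy-only" else ROUTED
    return ROUTED  # no entry matched (e.g. full-timers): ordinary routing


def firewall_bypasses(policy, alive):
    """Contractor addresses that would be forwarded without passing the firewall."""
    hosts = ipaddress.ip_network("10.50.1.0/24").hosts()
    return [str(h) for h in hosts if forward(policy, str(h), alive) == ROUTED]


if __name__ == "__main__":
    for name, policy in (("policy-only", SAFE), ("policy-first", WEAK)):
        down = firewall_bypasses(policy, alive=set())
        print(f"{name}: firewall up -> {forward(policy, '10.50.1.7', {FIREWALL})}, "
              f"firewall down -> {len(down)} contractor addresses bypass it")
    print("full-timer 10.50.2.9 ->", forward(SAFE, "10.50.2.9", set()))
```

With the firewall marked down, only the policy-only entry keeps every contractor address from being forwarded unauthenticated.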
