IC36240 User's Manual - Asante

When configuring an access list, you can add multiple statements by adding criteria to the same numbered list. The order of the statements is important, as the switch tests addresses against the criteria in an access list one by one (in the order the statements are entered) until it finds a match. The first match determines whether the system accepts or rejects the address. Because the system stops testing conditions after the first match, the order of the conditions is critical.

To develop an ACL, first determine the protocols required within your networks. Although every site has specific requirements, certain protocols and applications are widely used. For example, network segments that provide connectivity for a publicly accessible web server or TCP. The number of instances of applied access lists usually will not exceed 128 due to hardware limitations. Use the following sources to identify required traffic.

• Review local security policy
• Review firewall configuration
• Review applications

Using a Classification ACL

A classification ACL is composed of permit statements for the various protocols that could be destined to the internal network. (See for a list of commonly used protocols and applications.) Use the show access-list command to display a count of access control entry (ACE) hits to identify required protocols. Investigate and understand any suspicious or surprising results before you create explicit permit statements for unexpected protocols. In addition to direct protection, the ACL should also provide a first line of defense against certain types of invalid traffic on the Internet.

58 Asante IntraCore IC36240 User’s Manual

Other types of traffic to consider include the following.

External protocols and IP addresses
• ICMP from service provider IP addresses

Explicitly permitted return traffic for internal connections to the Internet
• Specific Internet Control Message Protocol (ICMP) types
• Outbound Domain Name System (DNS) query replies
• TCP established
• User Datagram Protocol (UDP) return traffic
• FTP data connections
• TFTP data connections
• Multimedia connections

Explicitly permitted externally sourced traffic destined to protected internal addresses
• VPN traffic
• HTTP to web servers
• Secure Socket Layer (SSL) to web servers
• FTP to FTP servers
• Inbound FTP data connections
• Simple Mail Transfer Protocol (SMTP)
• Other applications and servers
• Inbound DNS queries
• Inbound DNS zone transfers

Important: By default, if no conditions match, the software rejects the address.

The switch supports two types of access lists:
• Standard: access list numbers 1–99 and 1300–1999 (expanded range)
• Extended: access list numbers 100–199 and 2000–2699 (expanded range)
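To make the first-match rule, the implicit deny and the standard/extended number ranges concrete, here is an added Python simulation; it is not code from the Asante manual. It models entries as CIDR networks rather than address/wildcard pairs, and the `list_type` helper, the `AccessList` class and the 10.x.x.x sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Ace:
    """One access control entry: action plus the source network it matches."""
    action: str                      # "permit" or "deny"
    network: ipaddress.IPv4Network
    hits: int = 0                    # per-ACE hit counter, as show access-list reports

def list_type(number: int) -> str:
    """Classify a list number using the standard/extended ranges from the manual."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"{number} is not a valid access-list number")

@dataclass
class AccessList:
    number: int
    entries: list = field(default_factory=list)

    def add(self, action: str, cidr: str) -> "AccessList":
        """Append an ACE; entries are tested in the order they were added."""
        self.entries.append(Ace(action, ipaddress.ip_network(cidr)))
        return self

    def check(self, address: str) -> bool:
        """First match decides; no match falls through to the implicit deny."""
        addr = ipaddress.ip_address(address)
        for ace in self.entries:
            if addr in ace.network:
                ace.hits += 1
                return ace.action == "permit"
        return False

    def shadowed(self) -> list:
        """Indexes of ACEs that can never match because an earlier ACE covers them."""
        return [i for i, ace in enumerate(self.entries)
                if any(ace.network.subnet_of(e.network) for e in self.entries[:i])]

# Constructed example: block one subnet but permit the rest of 10.0.0.0/8.
GOOD = AccessList(10).add("deny", "10.1.1.0/24").add("permit", "10.0.0.0/8")
# The same two statements reversed: the broad permit now hides the deny entirely.
BAD = AccessList(10).add("permit", "10.0.0.0/8").add("deny", "10.1.1.0/24")
```

Running `BAD.shadowed()` flags the dead deny entry, which is the kind of ordering mistake that hit counters from show access-list also expose (the shadowed ACE never accumulates hits).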
