Accelar 1100 Ip Filter 1

[ior]

Hi, I have setup a port as a "router" and have given it the ip 192.168.16.1. (Passport 1100, Build 2.0.7.10)

The rest of my ports on the switch are in the default vlan using 192.168.0.211

Now I want to use a IP filter to enforce that:
192.168.16.x ips are only allowed to talk to 192.168.0.1

Any suggestions?

 

[jimbopalmer]

It has been several year since I did this and I am not near an Accelar now so take this with several grains of salt, but this is what I remember.

there are 3 steps 1)defining packets you are interested in, 2) grouping rules 3) defining what ports watch for the filter and what they do if no filter matches

1) Define a filter so that if the source is 192.168.16.0 and the mask is 255.255.255.0 and the destination is 192.168.0.1 and its mask is 255.255.255.255 and the action is to allow packets. This allows only the traffic you want to happen. (you might make other filters allowing other subnets to talk to 192.168.0.0 with a subnet of 255.255.0.0 if you intended them to have more access.)

2) add all the filters that you needed so that traffic you want flows to a single rule

3) assign that rule to the ports that might get incoming 192.168.16.x traffic with a condition of dropping all traffic that does not meet a rule.


I tried to remain child-like, all I acheived was childish.

 

[ior]

Thank you, though I found another solution.

Due to the extremely messy ACL system i set it up so that there is an ACL that prevents all traffic from 16.x to enter all ports (Except 2) and another that prevents traffic from 0.x to enter the port containing the 16.x net.

So instead of applying a "good" ACL to 2 ports ive put ACL´s on em all.
Not really an efficent solution, but hey, it works.