RackSwitch G8000 Application Guide
Chapter 6: Quality of Service
103BMD00041, November 2008
Example 5
Use this configuration to block all traffic except traffic of certain types. HTTP/HTTPS, DHCP,
and ARP packets are permitted on the port. All other traffic is denied.
1. Configure one IP ACL for each type of traffic that you want to permit.

RS G8000 (config)# access-list ip extended 1103
RS G8000 (config-ext-nacl)# permit tcp any any eq 80
RS G8000 (config-ext-nacl)# exit
RS G8000 (config)# access-list ip extended 1104
RS G8000 (config-ext-nacl)# permit tcp any any eq 443
RS G8000 (config-ext-nacl)# exit
RS G8000 (config)# access-list ip extended 1105
RS G8000 (config-ext-nacl)# permit udp any any eq 67
RS G8000 (config-ext-nacl)# exit
RS G8000 (config)# access-list ip extended 1106
RS G8000 (config-ext-nacl)# permit udp any any eq 68
RS G8000 (config-ext-nacl)# exit

2. Configure IP ACLs to deny all other traffic.
The ACLs that allow traffic must have a higher index number, and therefore higher priority,
than the ACL that denies all traffic.

RS G8000 (config)# access-list ip extended 1007
RS G8000 (config-ext-nacl)# deny tcp any any
RS G8000 (config-ext-nacl)# exit
RS G8000 (config)# access-list ip extended 1008
RS G8000 (config-ext-nacl)# deny udp any any
RS G8000 (config-ext-nacl)# exit

3. Configure one MAC ACL for each type of traffic that you want to permit (ARP).

RS G8000 (config)# access-list mac extended 200
RS G8000 (config-ext-macl)# permit any any 806
RS G8000 (config-ext-macl)# exit

4. Configure a MAC ACL to deny all other traffic.

RS G8000 (config)# access-list mac extended 10
RS G8000 (config-ext-macl)# deny any any
RS G8000 (config-ext-macl)# exit
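
An added example, not part of the guide: a small Python check for the index-ordering rule in step 2, run over the IP ACL commands above with the prompts stripped. It assumes a simplified model in which the matching ACL with the highest index decides and `eq` refers to the destination port; `parse`, `decide` and `shadowed` are hypothetical helper names.

```python
import re

# Constructed sample: the IP ACL commands from this example, prompts stripped.
CONFIG = """\
access-list ip extended 1103
permit tcp any any eq 80
access-list ip extended 1104
permit tcp any any eq 443
access-list ip extended 1105
permit udp any any eq 67
access-list ip extended 1106
permit udp any any eq 68
access-list ip extended 1007
deny tcp any any
access-list ip extended 1008
deny udp any any
"""
HEAD = re.compile(r"access-list ip extended (\d+)$")
RULE = re.compile(r"(permit|deny) (tcp|udp) any any(?: eq (\d+))?$")

def parse(text):
    """Return [(index, action, proto, port or None)], one rule per ACL."""
    acls, index = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "exit":
            continue
        head, rule = HEAD.match(line), RULE.match(line)
        if head:
            index = int(head.group(1))
        elif rule and index is not None:
            action, proto, port = rule.groups()
            acls.append((index, action, proto, int(port) if port else None))
        else:
            raise ValueError(f"unrecognized line: {line!r}")
    return acls

def decide(acls, proto, dport):
    """Assumed model: the matching ACL with the highest index wins."""
    for _, action, p, port in sorted(acls, key=lambda r: r[0], reverse=True):
        if p == proto and port in (None, dport):
            return action
    return "no-match"  # not decided by these IP ACLs

def shadowed(acls):
    """Indexes of permit ACLs overridden by a broader, higher-index deny."""
    return [i for i, a, p, port in acls if a == "permit" and any(
        d == "deny" and dp == p and dport in (None, port) and di > i
        for di, d, dp, dport in acls)]
```

Running `shadowed(parse(...))` on a candidate configuration before applying it lists any permit ACL that a deny ACL with a higher index would override.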