topic RE: Basic ACL Help with EOS on a SSA 150 in ExtremeSwitching (EOS)

Basic ACL Help with EOS on a SSA 150

info_systemhaus — Mon, 22 Jun 2015 17:23:00 GMT

Hello,

due to a Company policy i have to use a SSA 150 as a central Routing Switching System with NAT & Basic Firewall.

I have created Static & Dynamic Nat Rules and all works fine .. now i have to secure the Server vlan with an ACL.

I ́m not so familiar with ACL and perhaps you can help me with an example :

Konfig :

Internal Network : 5 VLANS with 172.16.X.0 /24

Public Network : 195.37.81 /24 (Example )

VLAN 30 for the Server : 172.16.199.0/24

I Need a ACL for the VLAN 30 with contain the following :

- Rule 1 : everybody from internal Network can Access all from VLAN 30

Permit ip 172.16.0.0 0.0.255.255 any ( correct ? )

Rule 3 : all other Public IP ́s can Access the VLAN 30 ( Static NAT Rules )

Permit ip 195.37.81.0 0.255.255.255 any

- Rule 3 all from outside the world can Access the Webserver on Port 80 on Host 172.16.99.150

??????

- Rule 4 only Host 80.150.248.88 (Example) can acccess the Port: 3389 on Host 172.16.99.150

?????

of course i need a bunch of Rules like 3 or 4 .. but with one example from you .. i would complete this ...

Many THX for Help

RE: Basic ACL Help with EOS on a SSA 150

Luke_French — Mon, 22 Jun 2015 19:27:00 GMT

Assuming the ACL is outbound on vlan 30 than the first rules are correct.

To permit all host on port 80 to one server
permit tcp any host 172.16.99.150 eq 80

For sprcific host
permit tcp Host 80.150.248.88 Host 172.16.99.150 eq 3389

????
Use the folowing article for guidance.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-ACL-to-permit-through-two...

RE: Basic ACL Help with EOS on a SSA 150

info_systemhaus — Mon, 22 Jun 2015 23:38:00 GMT

thx .. meanwhile i have read something bout the difference between IN and OUTBOUND ... Access Lists .. i have a lapse of thought about this ... perhaps i will find a doc .. that descibes this absolutely clear