
6850E Port Based ACL

Posted: 08 Dec 2015 02:14
by dmendj
Hi All,

Can I configure port-based / service-based ACLs on the 6850E?

For example, I need to allow only HTTP (80), HTTPS (443), LDAP (1521) traffic going through port 1/20 (like a firewall action).

Can I use QoS for this?

Thank you...

Re: 6850E Port Based ACL

Posted: 08 Dec 2015 03:17
by silvio
You have to write three separate conditions/rules.
policy condition 20_http destination tcp port 80 destination port 1/20
policy condition 20_https destination tcp port 443 destination port 1/20
policy condition 20_ldap destination tcp port 1521 destination port 1/20
policy condition 20_rest destination port 1/20
policy action allow
policy action deny disposition deny
policy rule 20_http condition 20_http action allow precedence 100
policy rule 20_https condition 20_https action allow precedence 100
policy rule 20_ldap condition 20_ldap action allow precedence 100
policy rule 20_rest condition 20_rest action deny precedence 10
qos apply
With service groups you can also summarize your TCP ports into one group, so you need only one condition/rule for allowed traffic.

Also, you can use other actions like DSCP or 802.1p for prioritization of allowed traffic.

regards
Silvio
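
Added example, not part of the thread and not vendor code: a small Python model of the rule set above that lists which TCP destination ports it lets out of port 1/20, useful for catching a mistyped port before `qos apply`. It assumes rules are evaluated highest precedence first with the first match winning, that an action without a disposition accepts, and that unmatched traffic is not filtered; it covers only TCP destination port and destination switch port, and the function names are illustrative.

```python
import re

# Constructed input: the rule set from the post above, with HTTPS on 443 as asked.
CONFIG = """\
policy condition 20_http destination tcp port 80 destination port 1/20
policy condition 20_https destination tcp port 443 destination port 1/20
policy condition 20_ldap destination tcp port 1521 destination port 1/20
policy condition 20_rest destination port 1/20
policy action allow
policy action deny disposition deny
policy rule 20_http condition 20_http action allow precedence 100
policy rule 20_https condition 20_https action allow precedence 100
policy rule 20_ldap condition 20_ldap action allow precedence 100
policy rule 20_rest condition 20_rest action deny precedence 10
"""

def parse(config):
    """Return (conditions, actions, rules sorted by descending precedence)."""
    conds, actions, rules = {}, {}, []
    for line in config.splitlines():
        if m := re.match(r"policy condition (\S+) (.*)", line):
            tcp = re.search(r"destination tcp port (\d+)", m[2])
            port = re.search(r"destination port (\S+)", m[2])
            conds[m[1]] = (int(tcp[1]) if tcp else None, port[1] if port else None)
        elif m := re.match(r"policy action (\S+)(?: disposition (\S+))?", line):
            actions[m[1]] = m[2] or "accept"  # assumption: accept when unset
        elif m := re.match(r"policy rule (\S+) condition (\S+) action (\S+) precedence (\d+)", line):
            rules.append((int(m[4]), m[1], m[2], m[3]))
    return conds, actions, sorted(rules, key=lambda r: -r[0])

def verdict(parsed, switch_port, tcp_dport):
    """First matching rule wins; returns (rule name, disposition)."""
    conds, actions, rules = parsed
    for _, name, cond, action in rules:
        want_tcp, want_port = conds[cond]
        if want_port in (None, switch_port) and want_tcp in (None, tcp_dport):
            return name, actions[action]
    return None, "accept"  # assumption: unmatched traffic is not filtered

def allowed_tcp_ports(config, switch_port):
    """Every TCP destination port the rule set lets out of switch_port."""
    parsed = parse(config)
    return [p for p in range(1, 65536)
            if verdict(parsed, switch_port, p)[1] == "accept"]

if __name__ == "__main__":
    print(allowed_tcp_ports(CONFIG, "1/20"))
```

Comparing the returned list with the intended allow-list shows at once if a condition carries the wrong port number or if the catch-all deny rule is missing.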