
Example: Using an Access Control Rule to Filter Web Traffic

To configure your switch to filter Web traffic to a particular Web server:

  1. In the navigation pane, expand the Routing > IP > Configuration folders, and then click Access Lists.
  2. The IP Access List Web page is displayed in the content pane. See Figure 134.
  3. Select Create Extended. The IP Extended Access Rule Creation Web page displays (Figure 136).
  4. In the Access List Name field, enter a number between 100 and 199 (the range for an extended ACL) or an alphanumeric name to identify your new access control list.
  5. Enter a number in the Access Rule Index field to identify the access rule.
  6. Select Deny/Filter in the Access Type field.
  7. Leave 0.0.0.0 and 255.255.255.255 as the Source Address and Source Address Wildcard for the Source Subnet parameter settings. All source traffic will match.
  8. Enter the IP address in the Dest Address field that represents the destination address of the Web server. Enter a wildcard of 0.0.0.0 to identify the specific IP address of the destination Web server.

Note: To deny/filter traffic to a specific address and not to an entire subnet, you must specify the destination IP address of the network node, and use a subnet wildcard of 0.0.0.0.

  9. Specify the TCP protocol ID = 6. If you specify TCP or UDP port numbers, you must specify Protocol ID 6 or 17 respectively.
  10. Enter the following in the TCP/UDP Destination Port field:
  11. Leave the TCP/UDP Source Port field alone:
  12. Select TCP Established. A check mark displays in the check box.
  13. Click CREATE to save your changes, or CANCEL to restore previous settings.

Each time an end user attempts to access the Web server on the specified destination TCP/UDP ports, all Web requests are filtered.
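The following added example (not part of the original page and not the switch vendor's code) models how the rule built in the steps above matches packets, and shows why the destination wildcard must be 0.0.0.0 to filter one host rather than a subnet. The address 192.0.2.10 and port 80 are constructed sample values, since the page does not show the ones to enter; first-match evaluation is an assumption, and the TCP Established option is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base address."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass
class Rule:
    action: str                     # "deny" or "permit"
    src: str
    src_wildcard: str
    dst: str
    dst_wildcard: str
    protocol: Optional[int] = None  # IP protocol ID: 6 = TCP, 17 = UDP
    dst_port: Optional[int] = None

    def __post_init__(self):
        # Port numbers are only meaningful together with protocol ID 6 or 17.
        if self.dst_port is not None and self.protocol not in (6, 17):
            raise ValueError("a TCP/UDP port requires protocol ID 6 or 17")

    def matches(self, src, dst, protocol, dst_port=None) -> bool:
        return (wildcard_match(src, self.src, self.src_wildcard)
                and wildcard_match(dst, self.dst, self.dst_wildcard)
                and (self.protocol is None or protocol == self.protocol)
                and (self.dst_port is None or dst_port == self.dst_port))

def evaluate(rules, src, dst, protocol, dst_port=None) -> Optional[str]:
    """Return the action of the first matching rule (assumed order), or None if none match."""
    for rule in rules:
        if rule.matches(src, dst, protocol, dst_port):
            return rule.action
    return None

# Constructed sample values: 192.0.2.10 stands in for the Web server, 80 for its port.
HOST_RULE = Rule("deny", "0.0.0.0", "255.255.255.255", "192.0.2.10", "0.0.0.0", 6, 80)
# Same rule with a 0.0.0.255 destination wildcard: the whole 192.0.2.0/24 subnet matches.
SUBNET_RULE = Rule("deny", "0.0.0.0", "255.255.255.255", "192.0.2.10", "0.0.0.255", 6, 80)

if __name__ == "__main__":
    for dst in ("192.0.2.10", "192.0.2.77"):
        print(dst, evaluate([HOST_RULE], "198.51.100.5", dst, 6, 80),
              evaluate([SUBNET_RULE], "198.51.100.5", dst, 6, 80))
```

A result of `None` means the rule did not match; what the switch does with unmatched traffic is not stated on this page.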

