Example: Using an Access Control Rule to Filter Web Traffic
To configure your switch to filter web traffic to a particular web server:
- Select Access Lists from the Routing > IP > Configuration group on the Web Agent window. The IP Access List dialog box displays (Figure 13-1).
- Select Create Extended. The IP Extended Access Rule Creation dialog box displays (Figure 13-3).
- Enter a name for the new access control list in the Access List Name field: either a number between 100 and 199 (the range reserved for extended ACLs) or an alphanumeric name.
- Enter a number in the Access Rule Index field to identify the access rule.
- Select Deny/Filter from the Access Type field pull-down menu.
- Leave the Source Address at 0.0.0.0 and the Source Address Wildcard at 255.255.255.255 for the Source Subnet parameters. A wildcard bit of 1 means "ignore this bit", so an all-ones wildcard makes traffic from every source address match.
- Enter the IP address of the web server in the Dest Address field and a wildcard of 0.0.0.0, so that only that one host address matches.
NOTE: To deny/filter traffic to a single host rather than to an entire subnet, you must specify the destination IP address of that node and use a wildcard of 0.0.0.0 (every address bit must match). A wider wildcard such as 0.0.0.255 would match the whole /24 that contains the address instead.
- Enter 6 (TCP) in the Protocol ID field. Port matching only has meaning for TCP and UDP: if you specify TCP or UDP port numbers, you must also specify Protocol ID 6 (TCP) or 17 (UDP) respectively.
- Enter the following in the TCP/UDP Destination Port field:
- a Min. of 80 (HTTP).
- a Max. of 80 (HTTP).
- Leave the TCP/UDP Source Port field at its default range, so that a client connecting from any ephemeral port matches:
- a Min. of 0 (any source port).
- a Max. of 65536 (any source port).
- Leave the TCP Established check box clear. In its conventional meaning, that option restricts the rule to TCP segments that carry the ACK or RST flag, that is, to packets of a connection that already exists. The first packet of a new connection (a bare SYN) would then not match the deny rule and would be forwarded to the web server, so a rule meant to filter all web requests must match the SYN as well. Select TCP Established (a check mark displays in the check box) only when you deliberately want the rule to act on established connections alone.
- Click CREATE to save your changes, or CANCEL to restore previous settings.
Once the access list is in effect, every HTTP request from any source to the web server's IP address on TCP port 80 matches the rule and is filtered. The rule matches only that address and that port: a server reachable at another address, or listening on another port (for example HTTPS on 443), is not covered unless you add a rule for it.
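The following Python model of the extended access rule built above is an added example, not code from the switch or its documentation. It implements the conventional extended-ACL semantics the steps rely on (wildcard masks where a 1 bit means "don't care", protocol ID, source and destination port ranges) and shows why the TCP Established option matters: a rule built with it lets the client's SYN through and only drops later segments. The server address 192.0.2.10, the client addresses, the rule index, and the ACK-or-RST interpretation of "established" are constructed assumptions for the example, and what the switch does with a packet that matches no rule is left undefined here because the page does not state it.

```python
"""Model of an extended IP access rule, as configured in the steps above.

Added example; the matching semantics are the conventional extended-ACL
definitions, and the 'established' test (ACK or RST flag set) is an
assumption about how the switch implements that option.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

TCP = 6    # Protocol ID for TCP, as entered in the rule
UDP = 17   # Protocol ID for UDP

# Standard TCP flag bits (RFC 793)
FLAG_SYN = 0x02
FLAG_RST = 0x04
FLAG_ACK = 0x10


@dataclass(frozen=True)
class Packet:
    """Constructed IPv4 packet summary: just the fields an ACL looks at."""
    src: str
    dst: str
    proto: int
    sport: int = 0
    dport: int = 0
    flags: int = 0          # TCP flags; ignored for other protocols


@dataclass(frozen=True)
class ExtendedRule:
    """One extended access rule with the fields used in the dialog."""
    index: int
    deny: bool                               # True = Deny/Filter, False = Permit
    src: str
    src_wildcard: str
    dst: str
    dst_wildcard: str
    proto: Optional[int] = None              # None = any protocol
    sport: Tuple[int, int] = (0, 65535)      # (Min, Max)
    dport: Tuple[int, int] = (0, 65535)
    established: bool = False

    @staticmethod
    def addr_matches(addr: str, rule_addr: str, wildcard: str) -> bool:
        # Wildcard bits set to 1 are "don't care": 0.0.0.0 is an exact host
        # match, 255.255.255.255 matches any address, 0.0.0.255 a whole /24.
        care = ~int(IPv4Address(wildcard))
        return (int(IPv4Address(addr)) & care) == (int(IPv4Address(rule_addr)) & care)

    def matches(self, pkt: Packet) -> bool:
        if not self.addr_matches(pkt.src, self.src, self.src_wildcard):
            return False
        if not self.addr_matches(pkt.dst, self.dst, self.dst_wildcard):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        # Port ranges only apply when the protocol is TCP (6) or UDP (17).
        if self.proto in (TCP, UDP):
            if not (self.sport[0] <= pkt.sport <= self.sport[1]):
                return False
            if not (self.dport[0] <= pkt.dport <= self.dport[1]):
                return False
        if self.established:
            # Assumed semantics of "TCP Established": the segment carries ACK
            # or RST. A bare SYN opening a new connection therefore never matches.
            if self.proto != TCP or not (pkt.flags & (FLAG_ACK | FLAG_RST)):
                return False
        return True


def web_filter_rule(server_ip: str, established: bool = False) -> ExtendedRule:
    """The rule from the steps: deny any source -> server_ip, TCP port 80."""
    return ExtendedRule(
        index=1, deny=True,
        src="0.0.0.0", src_wildcard="255.255.255.255",
        dst=server_ip, dst_wildcard="0.0.0.0",
        proto=TCP, sport=(0, 65535), dport=(80, 80),
        established=established,
    )


def evaluate(acl: List[ExtendedRule], pkt: Packet) -> Optional[str]:
    """First-match evaluation in rule-index order: 'deny' or 'permit' for the
    first matching rule, None when nothing matches (the switch's default
    handling of unmatched traffic is not assumed here)."""
    for rule in sorted(acl, key=lambda r: r.index):
        if rule.matches(pkt):
            return "deny" if rule.deny else "permit"
    return None


if __name__ == "__main__":
    server = "192.0.2.10"                      # constructed example address
    syn = Packet("10.1.1.5", server, TCP, 40000, 80, FLAG_SYN)
    data = Packet("10.1.1.5", server, TCP, 40000, 80, FLAG_ACK)
    print("rule without Established, SYN:", evaluate([web_filter_rule(server)], syn))
    print("rule with Established, SYN:   ", evaluate([web_filter_rule(server, True)], syn))
    print("rule with Established, data:  ", evaluate([web_filter_rule(server, True)], data))
```

Running the script shows the SYN denied by the plain rule but unmatched by the Established variant, which only catches the client's later ACK-bearing segments. To cover a whole subnet of servers instead of one host, as the NOTE above describes, construct the rule with dst set to the network address and dst_wildcard="0.0.0.255".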