dime-8----Page:4

NAS-Traffic-Rule Examples
Example #1: Permit only L2 traffic coming from and going to a user's Ethernet MAC address. Block all other traffic. Assume user's MAC address is 00-10-A4-23-19-C0.
permit in l2:ether2 from 00-10-A4-23-19-C0 to any
permit out l2:ether2 from any to 00-10-A4-23-19-C0

Example #2: Tunnel all L2 traffic coming from and going to a user. Assume tunnel name is: tunnel "1234".
permit tunnel "tunnel \"1234\"" inout l2:ether2 from any to any

Example #3: Permit only L3 traffic coming from and going to a user's IP address. Block all other traffic. Assume user's IP address is 192.0.2.128.
permit in ip from 192.0.2.128 to any
permit out ip from any to 192.0.2.128

Example #4: Allow user to generate ARP requests, DNS requests, and HTTP (port 80) requests, of which only requests to http://www.goo.org are redirected to http://www.foo.org. Assume user's MAC address is 00-10-A4-23-19-C0 and IP address is 192.0.2.128.
permit in l2:ether:0x0806 from 00-10-A4-23-19-C0 to any
permit out l2:ether:0x0806 from any to 00-10-A4-23-19-C0
permit in 17 from 192.0.2.128 to any 53
permit out 17 from any 53 to 192.0.2.128
redirect http://www.foo.org in from 192.0.2.128 to any 80 http://www.goo.org
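
The L3 permit rules of Examples #3 and #4 evaluated against sample packets, as an added example that is not part of the original slides or of any NAS implementation. It assumes that a packet is permitted when any rule matches and is blocked otherwise ("Block all other traffic"), and it handles only the `permit <in|out> <proto> from ... to ...` form shown above; the function names, the resolver and server addresses, and the mistyped 192.0.2.168 rule set are constructed for illustration.

```python
import ipaddress

def parse_rule(line):
    # Handles only: permit <in|out> <ip|proto-number> from <addr> [port] to <addr> [port]
    tok = line.split()
    if tok[0] != "permit" or tok[1] not in ("in", "out"):
        raise ValueError("unsupported rule: " + line)
    if tok[2] != "ip" and not tok[2].isdigit():
        raise ValueError("only L3 rules are handled: " + line)
    f, t = tok.index("from"), tok.index("to")
    src, dst = tok[f + 1:t], tok[t + 1:]
    return {"dir": tok[1], "proto": tok[2],
            "src": src[0], "sport": int(src[1]) if len(src) > 1 else None,
            "dst": dst[0], "dport": int(dst[1]) if len(dst) > 1 else None}

def load(lines):
    return [parse_rule(line) for line in lines]

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(spec) == ipaddress.ip_address(addr)

def _port_ok(spec, port):
    return spec is None or spec == port

def _proto_ok(spec, proto):
    return spec == "ip" or int(spec) == proto  # "ip" matches every IP protocol

def decide(rules, direction, proto, src, sport, dst, dport):
    for r in rules:
        if (r["dir"] == direction and _proto_ok(r["proto"], proto)
                and _addr_ok(r["src"], src) and _port_ok(r["sport"], sport)
                and _addr_ok(r["dst"], dst) and _port_ok(r["dport"], dport)):
            return "permit"
    return "deny"  # assumption: no matching rule means the traffic is blocked

# Rule text as in Example #3 and the DNS pair of Example #4 (user IP 192.0.2.128).
EXAMPLE_3 = ["permit in ip from 192.0.2.128 to any",
             "permit out ip from any to 192.0.2.128"]
DNS_RULES = ["permit in 17 from 192.0.2.128 to any 53",
             "permit out 17 from any 53 to 192.0.2.128"]
# Constructed: the same DNS pair with one octet mistyped in the user's address.
DNS_TYPO = [r.replace("192.0.2.128", "192.0.2.168") for r in DNS_RULES]

if __name__ == "__main__":
    query = ("in", 17, "192.0.2.128", 40000, "198.51.100.53", 53)
    print("DNS query, correct rules :", decide(load(DNS_RULES), *query))
    print("DNS query, mistyped rules:", decide(load(DNS_TYPO), *query))
```

Because the default is to block, an address typo in a permit rule fails closed for the real user while opening the same access to whichever host holds the mistyped address.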