Hello Ralf!

We have some examples of how to create policies. The key point is that you need more than just TCP:80 rules; e.g., you have to allow ARP, DNS, DHCP (if needed). Please remember that with a policy you will filter all traffic coming in at port level!

Best regards,
Volker Kull
Branch Manager South
BELL Computer-Netzwerke GmbH
Ohmstr. 6 - 76229 Karlsruhe - Germany

From: [email protected]
Sent: Friday, 27 April 2012 11:36
To: Enterasys Customer Mailing List
Subject: [enterasys] Routing and Policy on C5

Hi,

we have different VLANs routed on a C5. We now want to separate the VLANs with Policy, for example VLAN A has full connectivity to VLAN B, but only Port 80 to VLAN C. All devices in VLAN C have full access to the devices in the same VLAN, but from VLAN A, only Port 80 is accepted. Does anyone have an idea how to map this with policy?

If I create a role for VLAN A that denies all traffic and create a service that allows port 80 with the IP address of VLAN C, it does not work (I think because the traffic from VLAN A to its default gateway is blocked). If I allow communication with the default gateway, I can connect without restriction to VLAN C. Otherwise, if I create a role for VLAN A that permits everything, I have to create many rules for VLAN C so that only port 80 is allowed from VLAN A as source.

I hope this is comprehensible. Does anyone have an idea for this case?

Kind Regards
Ralf Lutz
Stadt Heidelberg
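The point made in the reply, as an added example that is not part of the original thread and is not Enterasys policy syntax: a simplified default-deny ingress role evaluated over the frames a client in VLAN A sends before an HTTP connection can succeed. The subnets, the DNS server address, and the names `Permit`, `allowed` and `session_works` are constructed for illustration, and the switch's own rule-precedence logic is not modelled.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumption; the thread gives no subnets).
VLAN_B = ipaddress.ip_network("10.0.20.0/24")
VLAN_C = ipaddress.ip_network("10.0.30.0/24")

@dataclass(frozen=True)
class Frame:
    ethertype: str      # "arp" or "ipv4"
    proto: str = ""     # "tcp" or "udp" for ipv4
    dst_ip: str = ""
    dst_port: int = 0

@dataclass(frozen=True)
class Permit:
    ethertype: str
    proto: str = ""          # "" matches any protocol
    dst_net: object = None   # None matches any destination
    dst_port: int = 0        # 0 matches any port

    def matches(self, f: Frame) -> bool:
        if self.ethertype != f.ethertype:
            return False
        if self.proto and self.proto != f.proto:
            return False
        if self.dst_port and self.dst_port != f.dst_port:
            return False
        if self.dst_net is not None:
            return bool(f.dst_ip) and ipaddress.ip_address(f.dst_ip) in self.dst_net
        return True

def allowed(role, frame):
    """Default-deny role on the ingress port: pass only if a permit matches."""
    return any(rule.matches(frame) for rule in role)

# Role for VLAN A ports as first attempted: only HTTP towards VLAN C.
HTTP_ONLY = [Permit("ipv4", "tcp", VLAN_C, 80)]
# Same role plus the helper traffic named in the reply and full access to VLAN B.
FULL_ROLE = HTTP_ONLY + [Permit("arp"), Permit("ipv4", "udp", None, 53),
                         Permit("ipv4", "udp", None, 67), Permit("ipv4", "", VLAN_B)]

def session_works(role, dst_ip, dst_port):
    """ARP for the gateway, a DNS lookup, then the TCP connection must all pass."""
    steps = [Frame("arp"), Frame("ipv4", "udp", "10.0.20.53", 53),
             Frame("ipv4", "tcp", dst_ip, dst_port)]
    return all(allowed(role, f) for f in steps)
```

Because the permits match on the IP destination rather than on the gateway, letting ARP through does not open VLAN C to anything other than TCP 80 in this model.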
