ACE filters for secure networks

The following example shows filters for two Layer 2 switched hosts and two Layer 3 routed hosts for an IP Deskphone and computer VLAN network.

These filters are applied after an analysis of the traffic types flowing on the network. The filters provide security by permitting legitimate traffic and denying (dropping) all other traffic. Some filters redirect certain traffic to another IP address. The filters can also determine which traffic is permitted on which parts of the network.

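The access control entries (ACE) named DENY ANY or DENY ANY ANY (DENY_ANY_ANY in the listings) are the clean-up filters. These filters drop traffic that does not match another ACE. A clean-up ACE has this effect only when the ACE and its ACL are enabled and its match criteria cover all remaining traffic; in the listings below, the ACLs that contain DENY_ANY_ANY are shown in the disabled state.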

The ACEs permit the following traffic (this is not an exhaustive list):

Other ACEs are configured to deny (drop):

Layer 2 host configuration

This section shows the filters configured for the first Layer 2 switched host.

#

# FILTER CONFIGURATION

#

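# ACL 1 (outPort, ports 1/24-1/25 and 1/37): drop entries for VRRP, UDP 137
# and 138, UDP 61011 and 64046, UDP 1100 to 100.20.100.255, and UDP 67.
# Entries 1-7 carry an explicit deny action, and entries 1-5 match on
# ether-type ip, in the same form as the second Layer 2 host's listing, so
# the drop does not depend on the platform's default ACE action.

filter acl 1 type outPort name "VRRP_Drop"

filter acl port 1 1/24-1/25,1/37

filter acl ace 1 1 name "VRRP"

filter acl ace action 1 1 deny

filter acl ace ethernet 1 1 ether-type eq ip

filter acl ace ip 1 1 ip-protocol-type eq vrrp

filter acl ace 1 1 enable

filter acl ace 1 2 name "NetbIOS_Drop"

filter acl ace action 1 2 deny

# UDP port 137 is matched inside IP packets, so the ether-type is ip
# (was netBios, which would not select IP/UDP frames).

filter acl ace ethernet 1 2 ether-type eq ip

filter acl ace ip 1 2 ip-protocol-type eq udp

filter acl ace protocol 1 2 dst-port eq 137

filter acl ace 1 2 enable

filter acl ace 1 3 name "NetbIOS2_Drop"

filter acl ace action 1 3 deny

filter acl ace ethernet 1 3 ether-type eq ip

filter acl ace ip 1 3 ip-protocol-type eq udp

filter acl ace protocol 1 3 dst-port eq 138

filter acl ace 1 3 enable

filter acl ace 1 4 name "WL_Multicast1_Drop"

filter acl ace action 1 4 deny

filter acl ace ethernet 1 4 ether-type eq ip

filter acl ace ip 1 4 ip-protocol-type eq udp

filter acl ace protocol 1 4 dst-port eq 61011

filter acl ace 1 4 enable

filter acl ace 1 5 name "WL_Multicast2_Drop"

filter acl ace action 1 5 deny

filter acl ace ethernet 1 5 ether-type eq ip

filter acl ace ip 1 5 ip-protocol-type eq udp

filter acl ace protocol 1 5 dst-port eq 64046

filter acl ace 1 5 enable

filter acl ace 1 6 name "UDP_1100_Drop"

filter acl ace action 1 6 deny

filter acl ace ethernet 1 6 ether-type eq ip

filter acl ace ip 1 6 dst-ip eq 100.20.100.255

filter acl ace ip 1 6 ip-protocol-type eq udp

filter acl ace protocol 1 6 dst-port eq 1100

filter acl ace 1 6 enable

filter acl ace 1 7 name "UDP_67_Drop"

filter acl ace action 1 7 deny

filter acl ace ip 1 7 ip-protocol-type eq udp

filter acl ace protocol 1 7 dst-port eq 67

filter acl ace 1 7 enable

# NOTE(review): ACE 1 8 has no action line and its name does not say whether
# UDP 1900 is meant to be dropped or permitted - confirm the intent and set
# the action explicitly rather than relying on the platform default.

filter acl ace 1 8 name "Messenger"

filter acl ace ip 1 8 ip-protocol-type eq udp

filter acl ace protocol 1 8 dst-port eq 1900

filter acl ace 1 8 enable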

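# ACL 20 (inVlan, VLAN 2): drops TCP segments with source port 80 coming
# from 100.20.2.47 and 100.20.2.29.

filter acl 20 type inVlan name "Symantec-Drop"

filter acl vlan 20 2

filter acl ace 20 10 name "Othello-drop"

# Explicit deny added so this entry has the same form as ACE 20 15 and as the
# second Layer 2 host's ACE 20 10.

filter acl ace action 20 10 deny

filter acl ace ethernet 20 10 ether-type eq ip

filter acl ace ip 20 10 src-ip eq 100.20.2.47

filter acl ace ip 20 10 ip-protocol-type eq tcp

filter acl ace protocol 20 10 src-port eq 80

filter acl ace 20 10 enable

# NOTE(review): ACE 20 15 has no "enable" line on this page, so it is
# presumably not active - confirm whether that is intended.

filter acl ace 20 15 name "Macbeth-drop"

filter acl ace action 20 15 deny

filter acl ace ethernet 20 15 ether-type eq ip

filter acl ace ip 20 15 src-ip eq 100.20.2.29

filter acl ace ip 20 15 ip-protocol-type eq tcp

filter acl ace protocol 20 15 src-port eq 80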

# ACL 902 (inVlan, VLAN 902).
# NOTE(review): the last line of this header leaves the ACL disabled, so the
# ACEs that follow (including the DENY_ANY_ANY clean-up entry) presumably do
# not filter traffic until the ACL itself is enabled - confirm before relying
# on this listing for enforcement.

filter acl 902 type inVlan name "ITD_REMOTE_in"

filter acl vlan 902 902

no filter acl 902 enable

filter acl ace 902 5 name "ITD_TO_ITD"

filter acl ace action 902 5 permit

filter acl ace ethernet 902 5 ether-type eq ip

filter acl ace ip 902 5 dst-ip eq 100.20.103.65

filter acl ace 902 5 enable

filter acl ace 902 10 name "ICMP_PERMIT"

filter acl ace action 902 10 permit

filter acl ace ethernet 902 10 ether-type eq ip

filter acl ace ip 902 10 ip-protocol-type eq icmp

filter acl ace 902 10 enable

filter acl ace 902 20 name "IGMP_PERMIT"

filter acl ace action 902 20 permit

filter acl ace ethernet 902 20 ether-type eq ip

filter acl ace ip 902 20 ip-protocol-type eq 2

filter acl ace 902 20 enable

filter acl ace 902 30 name "VRRP_PERMIT"

filter acl ace action 902 30 permit

filter acl ace ethernet 902 30 ether-type eq ip

filter acl ace ip 902 30 ip-protocol-type eq vrrp

filter acl ace 902 30 enable

filter acl ace 902 35 name "BOOTPS"

filter acl ace action 902 35 permit

filter acl ace protocol 902 35 dst-port eq 67

filter acl ace 902 35 enable

filter acl ace 902 36 name "BOOTPC"

filter acl ace action 902 36 permit

filter acl ace protocol 902 36 dst-port eq 68

filter acl ace 902 36 enable

filter acl ace 902 40 name "DNS_PERMIT"

filter acl ace action 902 40 permit

filter acl ace ethernet 902 40 ether-type eq ip

filter acl ace ip 902 40 src-ip eq 100.20.103.65

filter acl ace protocol 902 40 dst-port eq dns

filter acl ace 902 40 enable

filter acl ace 902 43 name "Netbios_Erisim"

filter acl ace action 902 43 permit

filter acl ace ethernet 902 43 ether-type eq ip

filter acl ace ip 902 43 src-ip eq 100.20.103.65

filter acl ace protocol 902 43 dst-port eq 135

filter acl ace 902 43 enable

# ACEs 902 45 and 902 46: permit TCP from 100.20.103.65 to destination port
# 1023 when the RST (ACE 45) or ACK (ACE 46) flag matches.
# NOTE(review): "dst-port eq 1023" matches that single port only; if the
# intent is return traffic to ephemeral client ports, a range match is
# presumably needed - confirm.
# NOTE(review): a TCP-flag match is stateless. It does not check that a
# connection exists, so it is not equivalent to stateful "established"
# filtering; any segment carrying the matching flag is permitted.

filter acl ace 902 45 name "ESTABLISHED"

filter acl ace action 902 45 permit

filter acl ace ethernet 902 45 ether-type eq ip

filter acl ace ip 902 45 src-ip eq 100.20.103.65

filter acl ace ip 902 45 ip-protocol-type eq tcp

filter acl ace protocol 902 45 dst-port eq 1023

filter acl ace protocol 902 45 tcp-flags eq rst

filter acl ace 902 45 enable

filter acl ace 902 46 name "ESTABLISHED2"

filter acl ace action 902 46 permit

filter acl ace ethernet 902 46 ether-type eq ip

filter acl ace ip 902 46 src-ip eq 100.20.103.65

filter acl ace ip 902 46 ip-protocol-type eq tcp

filter acl ace protocol 902 46 dst-port eq 1023

filter acl ace protocol 902 46 tcp-flags eq ack

filter acl ace 902 46 enable

# ACE 902 50: permits all IP traffic (no protocol or port restriction) from
# 100.20.103.65 to 100.20.104.0.
# NOTE(review): 100.20.104.0 looks like a network address; "eq" presumably
# matches that one address rather than the subnet - confirm how the platform
# expresses a range or mask. The same pattern recurs in later ACEs that use
# "eq" with an address ending in .0.

filter acl ace 902 50 name "DC-EXCH-DNS"

filter acl ace action 902 50 permit

filter acl ace ethernet 902 50 ether-type eq ip

filter acl ace ip 902 50 src-ip eq 100.20.103.65

filter acl ace ip 902 50 dst-ip eq 100.20.104.0

filter acl ace 902 50 enable

filter acl ace 902 55 name "DC-EXCH-DNS_OPC"

filter acl ace action 902 55 permit

filter acl ace ethernet 902 55 ether-type eq ip

filter acl ace ip 902 55 src-ip eq 100.20.103.65

filter acl ace ip 902 55 dst-ip eq 100.6.105.0

filter acl ace 902 55 enable

filter acl ace 902 60 name "Filesharing_Erisim"

filter acl ace action 902 60 permit

filter acl ace ethernet 902 60 ether-type eq ip

filter acl ace ip 902 60 src-ip eq 100.20.103.65

filter acl ace ip 902 60 dst-ip eq 100.20.103.71

filter acl ace 902 60 enable

filter acl ace 902 65 name "Filesharing_Erisim_Ek"

filter acl ace action 902 65 permit

filter acl ace ethernet 902 65 ether-type eq ip

filter acl ace ip 902 65 src-ip eq 100.20.103.65

filter acl ace ip 902 65 dst-ip eq 10.10.230.6

filter acl ace 902 65 enable

filter acl ace 902 70 name "IBPSQL_Erisim"

filter acl ace action 902 70 permit

filter acl ace ethernet 902 70 ether-type eq ip

filter acl ace ip 902 70 src-ip eq 100.20.103.65

filter acl ace ip 902 70 dst-ip eq 100.20.100.176

filter acl ace ip 902 70 ip-protocol-type eq tcp

filter acl ace protocol 902 70 dst-port eq 4450

filter acl ace 902 70 enable

filter acl ace 902 75 name "CTI_Erisim"

filter acl ace action 902 75 permit

filter acl ace ethernet 902 75 ether-type eq ip

filter acl ace ip 902 75 src-ip eq 100.20.103.65

filter acl ace ip 902 75 dst-ip eq 100.6.100.161

filter acl ace ip 902 75 ip-protocol-type eq tcp

filter acl ace protocol 902 75 dst-port eq 1433

filter acl ace 902 75 enable

filter acl ace 902 80 name "PVA_ERISIM"

filter acl ace action 902 80 permit

filter acl ace ethernet 902 80 ether-type eq ip

filter acl ace ip 902 80 src-ip eq 100.20.103.65

filter acl ace ip 902 80 dst-ip eq 100.6.100.138

filter acl ace ip 902 80 ip-protocol-type eq tcp

filter acl ace protocol 902 80 dst-port eq 1521

filter acl ace 902 80 enable

filter acl ace 902 85 name "PWC_ERISIM"

filter acl ace action 902 85 permit

filter acl ace ethernet 902 85 ether-type eq ip

filter acl ace ip 902 85 src-ip eq 100.20.103.65

filter acl ace ip 902 85 dst-ip eq 100.6.100.113

filter acl ace ip 902 85 ip-protocol-type eq tcp

filter acl ace protocol 902 85 dst-port eq 1521

filter acl ace 902 85 enable

filter acl ace 902 90 name "OASIS_ERISIM"

filter acl ace action 902 90 permit

filter acl ace ethernet 902 90 ether-type eq ip

filter acl ace ip 902 90 src-ip eq 100.20.103.65

filter acl ace ip 902 90 dst-ip eq 100.6.100.112

filter acl ace ip 902 90 ip-protocol-type eq tcp

filter acl ace protocol 902 90 dst-port eq 1521

filter acl ace 902 90 enable

filter acl ace 902 95 name "AV-YAMA_YONETIM__9968"

filter acl ace action 902 95 permit

filter acl ace ethernet 902 95 ether-type eq ip

filter acl ace ip 902 95 src-ip eq 100.20.103.65

filter acl ace ip 902 95 ip-protocol-type eq tcp

filter acl ace protocol 902 95 dst-port eq 9968

filter acl ace 902 95 enable

filter acl ace 902 100 name "AV-YAMA_YONETIM_2967"

filter acl ace action 902 100 permit

filter acl ace ethernet 902 100 ether-type eq ip

filter acl ace ip 902 100 src-ip eq 100.20.103.65

filter acl ace ip 902 100 ip-protocol-type eq tcp

filter acl ace protocol 902 100 dst-port eq 2967

filter acl ace 902 100 enable

filter acl ace 902 105 name "AV-YAMA_YONETIM_UDP_2967"

filter acl ace action 902 105 permit

filter acl ace ip 902 105 src-ip eq 100.20.103.65

filter acl ace ip 902 105 ip-protocol-type eq udp

filter acl ace protocol 902 105 dst-port eq 2967

filter acl ace 902 105 enable

filter acl ace 902 108 name "AV-YAMA_YONETIM_SOURCE_9968"

filter acl ace action 902 108 permit

filter acl ace ethernet 902 108 ether-type eq ip

filter acl ace ip 902 108 src-ip eq 100.20.103.65

filter acl ace ip 902 108 ip-protocol-type eq udp

filter acl ace protocol 902 108 src-port eq 9968

filter acl ace 902 108 enable

filter acl ace 902 110 name "ALERT_MOM_SMS_ERISIM_TCP_1270"

filter acl ace action 902 110 permit

filter acl ace ethernet 902 110 ether-type eq ip

filter acl ace ip 902 110 src-ip eq 100.20.103.65

filter acl ace ip 902 110 dst-ip eq 100.6.140.10

filter acl ace ip 902 110 ip-protocol-type eq tcp

filter acl ace protocol 902 110 dst-port eq 1270

filter acl ace 902 110 enable

filter acl ace 902 120 name "ALERT_MOM_SMS_ERISIM_UDP_1270"

filter acl ace action 902 120 permit

filter acl ace ethernet 902 120 ether-type eq ip

filter acl ace ip 902 120 src-ip eq 100.20.103.65

filter acl ace ip 902 120 dst-ip eq 100.6.140.10

filter acl ace ip 902 120 ip-protocol-type eq udp

filter acl ace protocol 902 120 dst-port eq 1270

filter acl ace 902 120 enable

filter acl ace 902 130 name "ALERT_MOM_SMS_ERISIM_HTTP"

filter acl ace action 902 130 permit

filter acl ace ethernet 902 130 ether-type eq ip

filter acl ace ip 902 130 src-ip eq 100.20.103.65

filter acl ace ip 902 130 dst-ip eq 100.6.140.13

filter acl ace ip 902 130 ip-protocol-type eq tcp

filter acl ace protocol 902 130 dst-port eq 80

filter acl ace 902 130 enable

filter acl ace 902 135 name "ALERT_MOM_SMS_ERISIM_HTTP2"

filter acl ace action 902 135 permit

filter acl ace ethernet 902 135 ether-type eq ip

filter acl ace ip 902 135 src-ip eq 100.20.103.65

filter acl ace ip 902 135 dst-ip eq 100.6.106.92

filter acl ace ip 902 135 ip-protocol-type eq tcp

filter acl ace protocol 902 135 dst-port eq 80

filter acl ace 902 135 enable

filter acl ace 902 140 name "ALERT_MOM_SMS_ERISIM_1521"

filter acl ace action 902 140 permit

filter acl ace ethernet 902 140 ether-type eq ip

filter acl ace ip 902 140 src-ip eq 100.20.103.65

filter acl ace ip 902 140 dst-ip eq 100.6.100.126

filter acl ace ip 902 140 ip-protocol-type eq tcp

filter acl ace protocol 902 140 dst-port eq 1521

filter acl ace 902 140 enable

filter acl ace 902 150 name "ALERT_MOM_SMS_ERISIM_1521x"

filter acl ace action 902 150 permit

filter acl ace ethernet 902 150 ether-type eq ip

filter acl ace ip 902 150 src-ip eq 100.20.103.65

filter acl ace ip 902 150 dst-ip eq 100.20.100.47

filter acl ace ip 902 150 ip-protocol-type eq tcp

filter acl ace protocol 902 150 dst-port eq 1521

filter acl ace 902 150 enable

# ACE 902 155: permits all IP traffic to 100.20.100.149 from any source, with
# no protocol or port restriction.

filter acl ace 902 155 name "FULL_ERISIM"

filter acl ace action 902 155 permit

filter acl ace ethernet 902 155 ether-type eq ip

filter acl ace ip 902 155 dst-ip eq 100.20.100.149

filter acl ace 902 155 enable

# ACE 902 160: permit and redirect to next hop 100.20.150.34.
# NOTE(review): there is no "enable" line for ACE 160 on this page, and the
# match is "src-ip eq 0.0.0.0" where the second Layer 2 host uses
# "src-ip ge 0.0.0.0" - confirm which operator and state are intended.

filter acl ace 902 160 name "LOGLAMAK_ICIN"

filter acl ace action 902 160 permit redirect-next-hop 100.20.150.34

filter acl ace ethernet 902 160 ether-type eq ip

filter acl ace ip 902 160 src-ip eq 0.0.0.0

# ACE 902 170: the clean-up deny entry.
# NOTE(review): "eq 0.0.0.0" on both src-ip and dst-ip reads as an exact
# match on the address 0.0.0.0 rather than "any". If so, this entry drops
# almost nothing and unmatched traffic falls through to the ACL's default
# action - verify the match semantics and the default action on the target
# platform before treating this as a default-deny.

filter acl ace 902 170 name "DENY_ANY_ANY"

filter acl ace action 902 170 deny

filter acl ace ethernet 902 170 ether-type eq ip

filter acl ace ip 902 170 src-ip eq 0.0.0.0

filter acl ace ip 902 170 dst-ip eq 0.0.0.0

filter acl ace 902 170 enable

The following section provides details about the filter configuration for the second switched Layer 2 host.

#

# FILTER CONFIGURATION

#

filter acl 1 type outPort name "VRRP Drop"

filter acl port 1 add 1/24-1/25,1/37

filter acl ace 1 1 name "VRRP"

filter acl ace action 1 1 deny

filter acl ace ethernet 1 1 ether-type eq ip

filter acl ace ip 1 1 ip-protocol-type eq vrrp

filter acl ace 1 1 enable

filter acl ace 1 2 name "NetbIOS_Drop"

filter acl ace action 1 2 deny

filter acl ace ethernet 1 2 ether-type eq ip

filter acl ace ip 1 2 ip-protocol-type eq udp

filter acl ace protocol 1 2 dst-port eq 137

filter acl ace 1 2 enable

filter acl ace 1 3 name "NetbIOS2_Drop"

filter acl ace action 1 3 deny

filter acl ace ethernet 1 3 ether-type eq ip

filter acl ace ip 1 3 ip-protocol-type eq udp

filter acl ace protocol 1 3 dst-port eq 138

filter acl ace 1 3 enable

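# ACE 1 4: drop UDP with destination port 61011.

filter acl ace 1 4 name "WL_Multicast1_Drop"

filter acl ace action 1 4 deny

# Space restored between the ACE id and the keyword (was "1 4ether-type"),
# so the ether-type match is applied to ACE 4.

filter acl ace ethernet 1 4 ether-type eq ip

filter acl ace ip 1 4 ip-protocol-type eq udp

filter acl ace protocol 1 4 dst-port eq 61011

filter acl ace 1 4 enable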

filter acl ace 1 5 name "WL_Multicast2_Drop"

filter acl ace action 1 5 deny

filter acl ace ethernet 1 5 ether-type eq ip

filter acl ace ip 1 5 ip-protocol-type eq udp

filter acl ace protocol 1 5 dst-port eq 64046

filter acl ace 1 5 enable

filter acl 20 type inVlan name "Symantec-Drop"

filter acl vlan 20 2

filter acl ace 20 10 name "Othello-drop"

filter acl ace action 20 10 deny

filter acl ace ethernet 20 10 ether-type eq ip

filter acl ace ip 20 10 src-ip eq 100.20.2.47

filter acl ace ip 20 10 ip-protocol-type eq tcp

filter acl ace protocol 20 10 src-port eq 80

filter acl ace 20 10 enable

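# ACE 20 15: drop TCP with source port 80 from 100.20.2.29.
# NOTE(review): there is no "enable" line for ACE 20 15 on this page, so the
# entry is presumably not active - confirm whether that is intended.

filter acl ace 20 15 name "Macbeth-drop"

# Argument order aligned with every other action line on this page
# (was "filter acl ace 20 15 action deny").

filter acl ace action 20 15 deny

filter acl ace ethernet 20 15 ether-type eq ip

filter acl ace ip 20 15 src-ip eq 100.20.2.29

filter acl ace ip 20 15 ip-protocol-type eq tcp

filter acl ace protocol 20 15 src-port eq 80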

# ACL 902 (inVlan, VLAN 902).
# NOTE(review): the ACL is set to disabled below, so its ACEs (including the
# DENY_ANY_ANY clean-up entry) presumably do not filter traffic until the ACL
# is enabled - confirm before relying on this listing for enforcement.

filter acl 902 type inVlan name "ITD_REMOTE_in"

filter acl vlan 902 902

filter acl 902 disable

filter acl ace 902 5 name "ITD_TO_ITD"

filter acl ace action 902 5 permit

filter acl ace ethernet 902 5 ether-type eq ip

filter acl ace ip 902 5 dst-ip eq 100.20.103.65

filter acl ace 902 5 enable

filter acl ace 902 10 name "ICMP_PERMIT"

filter acl ace action 902 10 permit

filter acl ace ethernet 902 10 ether-type eq ip

filter acl ace ip 902 10 ip-protocol-type eq icmp

filter acl ace 902 10 enable

filter acl ace 902 20 name "IGMP_PERMIT"

filter acl ace action 902 20 permit

filter acl ace ethernet 902 20 ether-type eq ip

filter acl ace ip 902 20 ip-protocol-type eq 2

filter acl ace 902 20 enable

filter acl ace 902 30 name "VRRP_PERMIT"

filter acl ace action 902 30 permit

filter acl ace ethernet 902 30 ether-type eq ip

filter acl ace ip 902 30 ip-protocol-type eq vrrp

filter acl ace 902 30 enable

filter acl ace 902 35 name "BOOTPS"

filter acl ace action 902 35 permit

filter acl ace protocol 902 35 dst-port eq 67

filter acl ace 902 35 enable

filter acl ace 902 36 name "BOOTPC"

filter acl ace action 902 36 permit

filter acl ace protocol 902 36 dst-port eq 68

filter acl ace 902 36 enable

filter acl ace 902 40 name "DNS_PERMIT"

filter acl ace action 902 40 permit

filter acl ace ethernet 902 40 ether-type eq ip

filter acl ace ip 902 40 src-ip eq 100.20.103.65

filter acl ace protocol 902 40 dst-port eq dns

filter acl ace 902 40 enable

filter acl ace 902 43 name "Netbios_Erisim"

filter acl ace action 902 43 permit

filter acl ace ethernet 902 43 ether-type eq ip

filter acl ace ip 902 43 src-ip eq 100.20.103.65

filter acl ace protocol 902 43 dst-port eq 135

filter acl ace 902 43 enable

# ACE 902 45: permit TCP from 100.20.103.65 to destination port 1023 with the
# ACK flag.
# NOTE(review): "dst-port eq 1023" matches that single port only - confirm
# whether a range of client ports was intended.
# NOTE(review): a TCP-flag match is stateless and does not check that a
# connection exists; it is not equivalent to stateful "established"
# filtering.

filter acl ace 902 45 name "ESTABLISHED ACK"

filter acl ace action 902 45 permit

filter acl ace ethernet 902 45 ether-type eq ip

filter acl ace ip 902 45 src-ip eq 100.20.103.65

filter acl ace ip 902 45 ip-protocol-type eq tcp

filter acl ace protocol 902 45 dst-port eq 1023

filter acl ace protocol 902 45 tcp-flags eq ack

filter acl ace 902 45 enable

# ACE 902 46: permit on the RST flag.
# NOTE(review): unlike ACE 45, this entry has no src-ip, ip-protocol-type or
# dst-port line, so it permits RST-flagged traffic from any source to any
# port. The first Layer 2 host's RST entry includes those three matches -
# confirm whether they were omitted here by mistake.

filter acl ace 902 46 name "ESTABLISHED RST"

filter acl ace action 902 46 permit

filter acl ace ethernet 902 46 ether-type eq ip

filter acl ace protocol 902 46 tcp-flags eq rst

filter acl ace 902 46 enable

filter acl ace 902 50 name "DC-EXCH-DNS"

filter acl ace action 902 50 permit

filter acl ace ethernet 902 50 ether-type eq ip

filter acl ace ip 902 50 src-ip eq 100.20.103.65

filter acl ace ip 902 50 dst-ip eq 100.20.104.0

filter acl ace 902 50 enable

filter acl ace 902 55 name "DC-EXCH-DNS_OPC"

filter acl ace action 902 55 permit

filter acl ace ethernet 902 55 ether-type eq ip

filter acl ace ip 902 55 src-ip eq 100.20.103.65

filter acl ace ip 902 55 dst-ip eq 100.6.105.0

filter acl ace 902 55 enable

filter acl ace 902 60 name "Filesharing_Erisim"

filter acl ace action 902 60 permit

filter acl ace ethernet 902 60 ether-type eq ip

filter acl ace ip 902 60 src-ip eq 100.20.103.65

filter acl ace ip 902 60 dst-ip eq 100.20.103.71

filter acl ace 902 60 enable

filter acl ace 902 65 name "Filesharing_Erisim_Ek"

filter acl ace action 902 65 permit

filter acl ace ethernet 902 65 ether-type eq ip

filter acl ace ip 902 65 src-ip eq 100.20.103.65

filter acl ace ip 902 65 dst-ip eq 10.10.230.6

filter acl ace 902 65 enable

filter acl ace 902 70 name "IBPSQL_Erisim"

filter acl ace action 902 70 permit

filter acl ace ethernet 902 70 ether-type eq ip

filter acl ace ip 902 70 src-ip eq 100.20.103.65

filter acl ace ip 902 70 dst-ip eq 100.20.100.176

filter acl ace ip 902 70 ip-protocol-type eq tcp

filter acl ace protocol 902 70 dst-port eq 4450

filter acl ace 902 70 enable

filter acl ace 902 75 name "CTI_Erisim"

filter acl ace action 902 75 permit

filter acl ace ethernet 902 75 ether-type eq ip

filter acl ace ip 902 75 src-ip eq 100.20.103.65

filter acl ace ip 902 75 dst-ip eq 100.6.100.161

filter acl ace ip 902 75 ip-protocol-type eq tcp

filter acl ace protocol 902 75 dst-port eq 1433

filter acl ace 902 75 enable

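# ACE 902 80: permit TCP from 100.20.103.65 to 100.6.100.138 port 1521.

filter acl ace 902 80 name "PVA_ERISIM"

filter acl ace action 902 80 permit

filter acl ace ethernet 902 80 ether-type eq ip

filter acl ace ip 902 80 src-ip eq 100.20.103.65

# Keyword restored to dst-ip (was "ip eq"), matching the first Layer 2
# host's ACE 902 80. Without a destination match this entry would permit
# TCP 1521 from the source to any destination.

filter acl ace ip 902 80 dst-ip eq 100.6.100.138

filter acl ace ip 902 80 ip-protocol-type eq tcp

filter acl ace protocol 902 80 dst-port eq 1521

filter acl ace 902 80 enable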

filter acl ace 902 85 name "PWC_ERISIM"

filter acl ace action 902 85 permit

filter acl ace ethernet 902 85 ether-type eq ip

filter acl ace ip 902 85 src-ip eq 100.20.103.65

filter acl ace ip 902 85 dst-ip eq 100.6.100.113

filter acl ace ip 902 85 ip-protocol-type eq tcp

filter acl ace protocol 902 85 dst-port eq 1521

filter acl ace 902 85 enable

filter acl ace 902 90 name "OASIS_ERISIM"

filter acl ace action 902 90 permit

filter acl ace ethernet 902 90 ether-type eq ip

filter acl ace ip 902 90 src-ip eq 100.20.103.65

filter acl ace ip 902 90 dst-ip eq 100.6.100.112

filter acl ace ip 902 90 ip-protocol-type eq tcp

filter acl ace protocol 902 90 dst-port eq 1521

filter acl ace 902 90 enable

filter acl ace 902 95 name "AV-YAMA_YONETIM__9968"

filter acl ace action 902 95 permit

filter acl ace ethernet 902 95 ether-type eq ip

filter acl ace ip 902 95 src-ip eq 100.20.103.65

filter acl ace ip 902 95 ip-protocol-type eq tcp

filter acl ace protocol 902 95 dst-port eq 9968

filter acl ace 902 95 enable

filter acl ace 902 100 name "AV-YAMA_YONETIM_2967"

filter acl ace action 902 100 permit

filter acl ace ethernet 902 100 ether-type eq ip

filter acl ace ip 902 100 src-ip eq 100.20.103.65

filter acl ace ip 902 100 ip-protocol-type eq tcp

filter acl ace protocol 902 100 dst-port eq 2967

filter acl ace 902 100 enable

filter acl ace 902 105 name "AV-YAMA_YONETIM_UDP_2967"

filter acl ace action 902 105 permit

filter acl ace ethernet 902 105 ether-type eq ip

filter acl ace ip 902 105 src-ip eq 100.20.103.65

filter acl ace ip 902 105 ip-protocol-type eq udp

filter acl ace protocol 902 105 dst-port eq 2967

filter acl ace 902 105 enable

filter acl ace 902 108 name "AV-YAMA_YONETIM_SOURCE_9968"

filter acl ace action 902 108 permit

filter acl ace ethernet 902 108 ether-type eq ip

filter acl ace ip 902 108 src-ip eq 100.20.103.65

filter acl ace ip 902 108 ip-protocol-type eq udp

filter acl ace protocol 902 108 src-port eq 9968

filter acl ace 902 108 enable

filter acl ace 902 110 name "ALERT_MOM_SMS_ERISIM_TCP_1270"

filter acl ace action 902 110 permit

filter acl ace ethernet 902 110 ether-type eq ip

filter acl ace ip 902 110 src-ip eq 100.20.103.65

filter acl ace ip 902 110 dst-ip eq 100.6.140.10

filter acl ace ip 902 110 ip-protocol-type eq tcp

filter acl ace protocol 902 110 dst-port eq 1270

filter acl ace 902 110 enable

filter acl ace 902 120 name "ALERT_MOM_SMS_ERISIM_UDP_1270"

filter acl ace action 902 120 permit

filter acl ace ethernet 902 120 ether-type eq ip

filter acl ace ip 902 120 src-ip eq 100.20.103.65

filter acl ace ip 902 120 dst-ip eq 100.6.140.10

filter acl ace ip 902 120 ip-protocol-type eq udp

filter acl ace protocol 902 120 dst-port eq 1270

filter acl ace 902 120 enable

filter acl ace 902 130 name "ALERT_MOM_SMS_ERISIM_HTTP"

filter acl ace action 902 130 permit

filter acl ace ethernet 902 130 ether-type eq ip

filter acl ace ip 902 130 src-ip eq 100.20.103.65

filter acl ace ip 902 130 dst-ip eq 100.6.140.13

filter acl ace ip 902 130 ip-protocol-type eq tcp

filter acl ace protocol 902 130 dst-port eq 80

filter acl ace 902 130 enable

filter acl ace 902 135 name "ALERT_MOM_SMS_ERISIM_HTTP2"

filter acl ace action 902 135 permit

filter acl ace ethernet 902 135 ether-type eq ip

filter acl ace ip 902 135 src-ip eq 100.20.103.65

filter acl ace ip 902 135 dst-ip eq 100.6.106.92

filter acl ace ip 902 135 ip-protocol-type eq tcp

filter acl ace protocol 902 135 dst-port eq 80

filter acl ace 902 135 enable

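# ACE 902 140: permit TCP from 100.20.103.65 to 100.6.100.126 port 1521.
# The name line uses the same form as every other ACE on this page (the
# stray "create" keyword is dropped).

filter acl ace 902 140 name "ALERT_MOM_SMS_ERISIM_1521"

filter acl ace action 902 140 permit

filter acl ace ethernet 902 140 ether-type eq ip

filter acl ace ip 902 140 src-ip eq 100.20.103.65

filter acl ace ip 902 140 dst-ip eq 100.6.100.126

filter acl ace ip 902 140 ip-protocol-type eq tcp

filter acl ace protocol 902 140 dst-port eq 1521

filter acl ace 902 140 enable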

filter acl ace 902 150 name "ALERT_MOM_SMS_ERISIM_1521x"

filter acl ace action 902 150 permit

filter acl ace ethernet 902 150 ether-type eq ip

filter acl ace ip 902 150 src-ip eq 100.20.103.65

filter acl ace ip 902 150 dst-ip eq 100.20.100.47

filter acl ace ip 902 150 ip-protocol-type eq tcp

filter acl ace protocol 902 150 dst-port eq 1521

filter acl ace 902 150 enable

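# ACE 902 155: permits all IP traffic to 100.20.100.149 from any source, with
# no protocol or port restriction.

filter acl ace 902 155 name "FULL_ERISIM"

filter acl ace action 902 155 permit

filter acl ace ethernet 902 155 ether-type eq ip

# ACL id corrected to 902 (was 901), matching the first Layer 2 host. With
# the wrong id the destination match never attaches to this entry, leaving
# ACE 902 155 as a permit for all IP traffic.

filter acl ace ip 902 155 dst-ip eq 100.20.100.149

filter acl ace 902 155 enable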

# ACE 902 160: permit and redirect to next hop 100.20.150.34 for any source
# address ("src-ip ge 0.0.0.0").
# NOTE(review): there is no "enable" line for ACE 160 on this page. If it
# were enabled, it would presumably match all IP traffic that reaches it, so
# ACE 170 below would never be evaluated - confirm the intended state.

filter acl ace 902 160 name "LOGLAMAK_ICIN"

filter acl ace action 902 160 permit redirect-next-hop 100.20.150.34

filter acl ace ethernet 902 160 ether-type eq ip

filter acl ace ip 902 160 src-ip ge 0.0.0.0

# ACE 902 170: the clean-up deny entry.
# NOTE(review): "eq 0.0.0.0" on both src-ip and dst-ip reads as an exact
# match on the address 0.0.0.0 rather than "any" (ACE 160 above uses "ge").
# If so, this entry drops almost nothing and unmatched traffic falls through
# to the ACL's default action - verify before treating this as default-deny.

filter acl ace 902 170 name "DENY_ANY_ANY"

filter acl ace action 902 170 deny

filter acl ace ethernet 902 170 ether-type eq ip

filter acl ace ip 902 170 src-ip eq 0.0.0.0

filter acl ace ip 902 170 dst-ip eq 0.0.0.0

filter acl ace 902 170 enable

Layer 3 host configuration

The following section provides details about the filter configuration for the first core Layer 3 host.

#

# FILTER CONFIGURATION

#

filter acl 1 type outPort name "VRRP_Drop_ACL"

filter acl port 1 1/46

filter acl ace 1 1 name "Vrrp"

filter acl ace action 1 1 deny

filter acl ace ethernet 1 1 ether-type eq ip

filter acl ace ip 1 1 ip-protocol-type eq vrrp

filter acl ace 1 1 enable

# ACL 171 (inVlan, VLAN 171).
# NOTE(review): the ACL is set to disabled below, so its ACEs presumably do
# not filter traffic until the ACL is enabled. No clean-up deny entry for
# ACL 171 appears in this listing - confirm the ACL's default action.

filter acl 171 type inVlan name "TOPLANTI_VE_EGITIM_ACL"

filter acl vlan 171 171

filter acl 171 disable

filter acl ace 171 10 name "ICMP_PERMIT"

filter acl ace action 171 10 permit

filter acl ace ethernet 171 10 ether-type eq ip

filter acl ace ip 171 10 ip-protocol-type eq icmp

filter acl ace 171 10 enable

filter acl ace 171 20 name "IGMP_PERMIT"

filter acl ace action 171 20 permit

filter acl ace ethernet 171 20 ether-type eq ip

filter acl ace ip 171 20 ip-protocol-type eq 2

filter acl ace 171 20 enable

filter acl ace 171 30 name "VRRP_PERMIT"

filter acl ace action 171 30 permit

filter acl ace ethernet 171 30 ether-type eq ip

filter acl ace ip 171 30 ip-protocol-type eq vrrp

filter acl ace 171 30 enable

filter acl ace 171 40 name "DNS_PERMIT"

filter acl ace action 171 40 permit

filter acl ace ethernet 171 40 ether-type eq ip

filter acl ace ip 171 40 src-ip eq 100.20.171.0

filter acl ace ip 171 40 dst-ip eq 100.20.104.0

filter acl ace protocol 171 40 dst-port eq dns

filter acl ace 171 40 enable

filter acl ace 171 50 name "ESTABLISHED RST"

filter acl ace action 171 50 permit

filter acl ace ethernet 171 50 ether-type eq ip

filter acl ace ip 171 50 src-ip eq 100.6.172.0

filter acl ace ip 171 50 ip-protocol-type eq tcp

filter acl ace protocol 171 50 dst-port eq 1023

filter acl ace protocol 171 50 tcp-flags eq rst

filter acl ace 171 50 enable

filter acl ace 171 51 name "ESTABLISHED ACK"

filter acl ace action 171 51 permit

filter acl ace ethernet 171 51 ether-type eq ip

filter acl ace ip 171 51 src-ip eq 100.6.172.0

filter acl ace ip 171 51 ip-protocol-type eq tcp

filter acl ace protocol 171 51 dst-port eq 1023

filter acl ace protocol 171 51 tcp-flags eq ack

filter acl ace 171 51 enable

filter acl ace 171 60 name "DHCP_PERMIT"

filter acl ace action 171 60 permit

filter acl ace ethernet 171 60 ether-type eq ip

filter acl ace protocol 171 60 dst-port eq bootpServer

filter acl ace 171 60 enable

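# ACE 171 80: permit all IP traffic from 100.20.172.0 to 100.20.104.0.
# NOTE(review): the source here is 100.20.172.0, while ACE 171 40 uses
# 100.20.171.0 and ACEs 171 50/51 use 100.6.172.0 - confirm which source
# addresses belong to VLAN 171.

filter acl ace 171 80 name "DC_DNS_EXC_PERMIT"

filter acl ace action 171 80 permit

filter acl ace ethernet 171 80 ether-type eq ip

filter acl ace ip 171 80 src-ip eq 100.20.172.0

# ACL and ACE ids corrected to 171 80 (was "181 70"), following the parallel
# entry in ACL 172. With the wrong ids the destination match never attaches
# to this entry, so it would permit the source to any destination.

filter acl ace ip 171 80 dst-ip eq 100.20.104.0

filter acl ace 171 80 enable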

filter acl ace 171 90 name "HTTP_PERMIT"

filter acl ace action 171 90 permit

filter acl ace ethernet 171 90 ether-type eq ip

filter acl ace ip 171 90 src-ip eq 100.20.172.0

filter acl ace protocol 171 90 dst-port eq 80

filter acl ace 171 90 enable

filter acl ace 171 100 name "HTTPS_PERMIT"

filter acl ace action 171 100 permit

filter acl ace ethernet 171 100 ether-type eq ip

filter acl ace ip 171 100 src-ip eq 100.20.172.0

filter acl ace protocol 171 100 dst-port eq 443

filter acl ace 171 100 enable

filter acl ace 171 110 name "PROXY_8080_PERMIT"

filter acl ace action 171 110 permit

filter acl ace ethernet 171 110 ether-type eq ip

filter acl ace ip 171 110 src-ip eq 100.20.172.0

filter acl ace ip 171 110 dst-ip eq 100.20.189.0

filter acl ace protocol 171 110 dst-port eq 8080

filter acl ace 171 110 enable

# ACE 171 120: permit by destination port, with no source, destination or
# ip-protocol-type match.
# NOTE(review): two "dst-port eq" lines are given for one ACE; the second
# presumably replaces the first or is rejected. ACL 172 on this page uses
# separate entries instead (ACE 120 for tcp 1494, ACE 121 for udp 1604) -
# confirm and split this entry the same way if both ports are required.

filter acl ace 171 120 name "CITRIX_Conn"

filter acl ace action 171 120 permit

filter acl ace ethernet 171 120 ether-type eq ip

filter acl ace protocol 171 120 dst-port eq 1494

filter acl ace protocol 171 120 dst-port eq 1604

filter acl ace 171 120 enable

filter acl ace 171 130 name "PWC_VPN_ERISIM"

filter acl ace action 171 130 permit

filter acl ace ethernet 171 130 ether-type eq ip

filter acl ace ip 171 130 src-ip eq 100.20.172.0

filter acl ace protocol 171 130 dst-port eq 11160

filter acl ace 171 130 enable

# ACE 171 150: permit destination port 445.
# NOTE(review): this entry has no ether-type, ip-protocol-type, src-ip or
# dst-ip match, so it permits port 445 from any source to any destination
# over whichever protocols the port match applies to. Consider restricting
# it to the file servers that need it - confirm the intended scope.

filter acl ace 171 150 name "Microsoft_FileSharing_PERMIT"

filter acl ace action 171 150 permit

filter acl ace protocol 171 150 dst-port eq 445

filter acl ace 171 150 enable

# ACL 172 (inVlan, VLAN 172).
# NOTE(review): the ACL is set to disabled below, so its ACEs presumably do
# not filter traffic until the ACL is enabled - confirm before relying on
# this listing for enforcement.

filter acl 172 type inVlan name "MISAFIR_ACL"

filter acl vlan 172 172

filter acl 172 disable

filter acl ace 172 5 name "Misafir_to_Misafir"

filter acl ace action 172 5 permit

filter acl ace ethernet 172 5 ether-type eq ip

filter acl ace ip 172 5 dst-ip eq 100.20.172.0

filter acl ace 172 5 enable

filter acl ace 172 10 name "ICMP_PERMIT"

filter acl ace action 172 10 permit

filter acl ace ethernet 172 10 ether-type eq ip

filter acl ace ip 172 10 ip-protocol-type eq icmp

filter acl ace 172 10 enable

filter acl ace 172 20 name "IGMP_PERMIT"

filter acl ace action 172 20 permit

filter acl ace ethernet 172 20 ether-type eq ip

filter acl ace ip 172 20 ip-protocol-type eq 2

filter acl ace 172 20 enable

filter acl ace 172 30 name "VRRP_PERMIT"

filter acl ace action 172 30 permit

filter acl ace ethernet 172 30 ether-type eq ip

filter acl ace ip 172 30 ip-protocol-type eq vrrp

filter acl ace 172 30 enable

filter acl ace 172 40 name "DNS_PERMIT"

filter acl ace action 172 40 permit

filter acl ace ethernet 172 40 ether-type eq ip

filter acl ace ip 172 40 src-ip eq 100.20.172.0

filter acl ace ip 172 40 dst-ip eq 100.20.104.0

filter acl ace protocol 172 40 dst-port eq dns

filter acl ace 172 40 enable

filter acl ace 172 50 name "ESTABLISHED RST"

filter acl ace action 172 50 permit

filter acl ace ethernet 172 50 ether-type eq ip

filter acl ace ip 172 50 src-ip eq 100.20.172.0

filter acl ace ip 172 50 ip-protocol-type eq tcp

filter acl ace protocol 172 50 dst-port eq 1023

filter acl ace protocol 172 50 tcp-flags eq rst

filter acl ace 172 50 enable

filter acl ace 172 51 name "ESTABLISHED ACK"

filter acl ace action 172 51 permit

filter acl ace ethernet 172 51 ether-type eq ip

filter acl ace ip 172 51 src-ip eq 100.20.172.0

filter acl ace ip 172 51 ip-protocol-type eq tcp

filter acl ace protocol 172 51 dst-port eq 1023

filter acl ace protocol 172 51 tcp-flags eq ack

filter acl ace 172 51 enable

filter acl ace 172 60 name "DHCP_PERMIT"

filter acl ace action 172 60 permit

filter acl ace protocol 172 60 dst-port eq bootpServer

filter acl ace 172 60 enable

filter acl ace 172 80 name "DC_DNS_EXC_PERMIT"

filter acl ace action 172 80 permit

filter acl ace ethernet 172 80 ether-type eq ip

filter acl ace ip 172 80 src-ip eq 100.20.172.0

filter acl ace ip 172 80 dst-ip eq 100.20.104.0

filter acl ace 172 80 enable

filter acl ace 172 90 name "HTTP_PERMIT"

filter acl ace action 172 90 permit

filter acl ace ethernet 172 90 ether-type eq ip

filter acl ace ip 172 90 src-ip eq 100.20.172.0

filter acl ace ip 172 90 ip-protocol-type eq tcp

filter acl ace protocol 172 90 dst-port eq 80

filter acl ace 172 90 enable

filter acl ace 172 100 name "HTTPS_PERMIT"

filter acl ace action 172 100 permit

filter acl ace ethernet 172 100 ether-type eq ip

filter acl ace ip 172 100 src-ip eq 100.20.172.0

filter acl ace ip 172 100 ip-protocol-type eq tcp

filter acl ace protocol 172 100 dst-port eq 443

filter acl ace 172 100 enable

# ACE 172 105: permit TCP from 100.20.172.0 to destination port 3389.
# NOTE(review): there is no dst-ip match, so port 3389 is permitted to every
# destination reachable from this VLAN. Consider limiting it to the specific
# hosts that must accept it - confirm the intended scope.

filter acl ace 172 105 name "REMDESKTOP_PERMIT"

filter acl ace action 172 105 permit

filter acl ace ethernet 172 105 ether-type eq ip

filter acl ace ip 172 105 src-ip eq 100.20.172.0

filter acl ace ip 172 105 ip-protocol-type eq tcp

filter acl ace protocol 172 105 dst-port eq 3389

filter acl ace 172 105 enable

filter acl ace 172 106 name "NORKOM_PERMIT"

filter acl ace action 172 106 permit

filter acl ace ethernet 172 106 ether-type eq ip

filter acl ace ip 172 106 src-ip eq 100.20.172.0

filter acl ace ip 172 106 dst-ip eq 100.6.106.0

filter acl ace 172 106 enable

filter acl ace 172 107 name "SPECTRUM_PERMIT"

filter acl ace action 172 107 permit

filter acl ace ethernet 172 107 ether-type eq ip

filter acl ace ip 172 107 src-ip eq 100.20.172.0

filter acl ace ip 172 107 dst-ip eq 100.20.17.0

filter acl ace 172 107 enable

filter acl ace 172 110 name "PROXY_8080_PERMIT"

filter acl ace action 172 110 permit

filter acl ace ethernet 172 110 ether-type eq ip

filter acl ace ip 172 110 src-ip eq 100.20.172.0

filter acl ace ip 172 110 dst-ip eq 100.20.189.0

filter acl ace ip 172 110 ip-protocol-type eq tcp

filter acl ace protocol 172 110 dst-port eq 8080

filter acl ace 172 110 enable

filter acl ace 172 120 name "CITRIX_Conn-tcp"

filter acl ace action 172 120 permit

filter acl ace ethernet 172 120 ether-type eq ip

filter acl ace ip 172 120 ip-protocol-type eq tcp

filter acl ace protocol 172 120 dst-port eq 1494

filter acl ace 172 120 enable

filter acl ace 172 121 name "CITRIX_Conn-udp"

filter acl ace action 172 121 permit

filter acl ace ethernet 172 121 ether-type eq ip

filter acl ace ip 172 121 ip-protocol-type eq udp

filter acl ace protocol 172 121 dst-port eq 1604

filter acl ace 172 121 enable

filter acl ace 172 128 name "VOIP_VLAN_PERMIT"

filter acl ace action 172 128 permit

filter acl ace ethernet 172 128 ether-type eq ip

filter acl ace ip 172 128 dst-ip eq 10.201.0.0

filter acl ace 172 128 enable

filter acl ace 172 129 name "GANYMEDE-PERMIT"

filter acl ace action 172 129 permit

filter acl ace ethernet 172 130 ether-type eq ip

filter acl ace ip 172 129 src-ip eq 100.20.172.0

filter acl ace ip 172 129 dst-ip eq 100.6.100.225

filter acl ace 172 129 enable

filter acl ace 172 130 name "PWC_VPN_ERISIM"

filter acl ace action 172 130 permit

filter acl ace ethernet 172 51 ether-type eq ip

filter acl ace ip 172 130 src-ip eq 100.20.172.0

filter acl ace ip 172 130 ip-protocol-type eq tcp

filter acl ace protocol 172 130 tcp-dst-port eq 11160

filter acl ace 172 130 enable

filter acl ace 172 131 name "ISAKMP"

filter acl ace action 172 131 permit

filter acl ace ethernet 172 131 ether-type eq ip

filter acl ace ip 172 131 ip-protocol-type eq udp

filter acl ace protocol 172 131 dst-port eq 500

filter acl ace 172 131 enable

filter acl ace 172 132 name "ESP"

filter acl ace action 172 132 permit

filter acl ace ethernet 172 132 ether-type eq ip

filter acl ace ip 172 132 ip-protocol-type eq 50

filter acl ace 172 132 enable

filter acl ace 172 133 name "LOGLAMAK_ICIN"

filter acl ace action 172 133 permit redirect-next-hop 100.20.150.34

filter acl ace ip 172 133 src-ip eq 0.0.0.0

filter acl ace 172 140 name "DENY_ANY_ANY"

filter acl ace action 172 140 deny

filter acl ace ethernet 172 140 ether-type eq ip

filter acl ace ip 172 140 src-ip eq 0.0.0.0

filter acl ace ip 172 140 dst-ip eq 0.0.0.0

filter acl ace 172 140 enable

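# ACL 802 "NICE-CLS_ACL-in": ingress filter bound to VLAN 802.
# The ACL is set to "disable" below, so as listed its ACEs are configured but presumably not
# applied to traffic until the ACL is enabled again.
filter acl 802 type inVlan name "NICE-CLS_ACL-in"

filter acl vlan 802 802

filter acl 802 disable

# All IP traffic to 100.20.174.32 (no source, protocol or port qualifier).
filter acl ace 802 1 name "NICE_to_NICE"

filter acl ace action 802 1 permit

filter acl ace ethernet 802 1 ether-type eq ip

filter acl ace ip 802 1 dst-ip eq 100.20.174.32

filter acl ace 802 1 enable

# ACEs 10-30 permit the control protocols ICMP, IGMP (IP protocol 2) and VRRP from any source.
filter acl ace 802 10 name "ICMP_PERMIT"

filter acl ace action 802 10 permit

filter acl ace ethernet 802 10 ether-type eq ip

filter acl ace ip 802 10 ip-protocol-type eq icmp

filter acl ace 802 10 enable

filter acl ace 802 20 name "IGMP_PERMIT"

filter acl ace action 802 20 permit

# Space restored between the ACE id and the keyword (the listing had "20ether-type").
filter acl ace ethernet 802 20 ether-type eq ip

filter acl ace ip 802 20 ip-protocol-type eq 2

filter acl ace 802 20 enable

filter acl ace 802 30 name "VRRP_PERMIT"

filter acl ace action 802 30 permit

filter acl ace ethernet 802 30 ether-type eq ip

filter acl ace ip 802 30 ip-protocol-type eq vrrp

filter acl ace 802 30 enable

# DNS from 100.20.174.32 to 100.20.104.0; no ip-protocol-type is set on this ACE.
filter acl ace 802 40 name "DNS_PERMIT"

filter acl ace action 802 40 permit

filter acl ace ethernet 802 40 ether-type eq ip

filter acl ace ip 802 40 src-ip eq 100.20.174.32

filter acl ace ip 802 40 dst-ip eq 100.20.104.0

filter acl ace protocol 802 40 dst-port eq dns

filter acl ace 802 40 enable

# All IP traffic to 100.20.104.0 from any source: this covers everything ACE 40 permits.
filter acl ace 802 45 name "DC-EXCH-DNS"

filter acl ace action 802 45 permit

filter acl ace ethernet 802 45 ether-type eq ip

filter acl ace ip 802 45 dst-ip eq 100.20.104.0

filter acl ace 802 45 enable

# ACEs 50 and 51 stand in for connection state by matching TCP flags. The match is stateless:
# a segment with the flag set passes whether or not a connection exists.
# NOTE(review): "dst-port eq 1023" names a single port; if return traffic to the ephemeral
# port range was intended, confirm the operator.
filter acl ace 802 50 name "ESTABLISHED RST"

filter acl ace action 802 50 permit

filter acl ace ethernet 802 50 ether-type eq ip

filter acl ace ip 802 50 src-ip eq 100.20.174.32

filter acl ace ip 802 50 ip-protocol-type eq tcp

filter acl ace protocol 802 50 dst-port eq 1023

filter acl ace protocol 802 50 tcp-flags eq rst

filter acl ace 802 50 enable

filter acl ace 802 51 name "ESTABLISHED ACK"

filter acl ace action 802 51 permit

filter acl ace ethernet 802 51 ether-type eq ip

filter acl ace ip 802 51 src-ip eq 100.20.174.32

filter acl ace ip 802 51 ip-protocol-type eq tcp

filter acl ace protocol 802 51 dst-port eq 1023

filter acl ace protocol 802 51 tcp-flags eq ack

filter acl ace 802 51 enable

# Permits every UDP datagram: no address or port qualifier.
# NOTE(review): this is the broadest entry in the ACL; confirm that the VLAN needs all UDP
# rather than a list of ports.
filter acl ace 802 52 name "UDP_Permit"

filter acl ace action 802 52 permit

filter acl ace ethernet 802 52 ether-type eq ip

filter acl ace ip 802 52 ip-protocol-type eq udp

filter acl ace 802 52 enable

# TCP 2011 from 100.20.174.32 to any destination.
filter acl ace 802 60 name "NICE_Logging"

filter acl ace action 802 60 permit

filter acl ace ethernet 802 60 ether-type eq ip

filter acl ace ip 802 60 src-ip eq 100.20.174.32

filter acl ace ip 802 60 ip-protocol-type eq tcp

filter acl ace protocol 802 60 dst-port eq 2011

filter acl ace 802 60 enable

# All IP traffic to 100.20.152.20.
filter acl ace 802 65 name "RTS_Conn"

filter acl ace action 802 65 permit

filter acl ace ethernet 802 65 ether-type eq ip

filter acl ace ip 802 65 dst-ip eq 100.20.152.20

filter acl ace 802 65 enable

# TCP 3750 from 100.20.174.32 to any destination.
filter acl ace 802 70 name "CTI_Conn"

filter acl ace action 802 70 permit

filter acl ace ethernet 802 70 ether-type eq ip

filter acl ace ip 802 70 src-ip eq 100.20.174.32

filter acl ace ip 802 70 ip-protocol-type eq tcp

filter acl ace protocol 802 70 dst-port eq 3750

filter acl ace 802 70 enable

# Redirect entry: matching traffic is sent to next hop 100.20.150.217.
# There is no "enable" line for ACE 90, so as listed it is configured but presumably inactive.
filter acl ace 802 90 name "LOGLAMA"

filter acl ace action 802 90 permit redirect-next-hop 100.20.150.217

filter acl ace ethernet 802 90 ether-type eq ip

filter acl ace ip 802 90 src-ip eq 0.0.0.0

# Clean-up entry: drops traffic that matched none of the ACEs above.
filter acl ace 802 100 name "DENY_ANY"

filter acl ace action 802 100 deny

filter acl ace ip 802 100 src-ip eq 0.0.0.0

filter acl ace ip 802 100 dst-ip eq 0.0.0.0

filter acl ace 802 100 enable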

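# ACL 804 "BASIM_LIMITED-in": ingress filter bound to VLAN 804.
# Permit entries for named servers and management ports, followed by a DENY_ANY clean-up entry.
filter acl 804 type inVlan name "BASIM_LIMITED-in"

filter acl vlan 804 804

# All IP traffic to 100.20.174.96.
filter acl ace 804 5 name "Basim_to_Basim"

filter acl ace action 804 5 permit

filter acl ace ethernet 804 5 ether-type eq ip

filter acl ace ip 804 5 dst-ip eq 100.20.174.96

filter acl ace 804 5 enable

# ACEs 10-30 permit the control protocols ICMP, IGMP (IP protocol 2) and VRRP from any source.
filter acl ace 804 10 name "ICMP_PERMIT"

filter acl ace action 804 10 permit

filter acl ace ethernet 804 10 ether-type eq ip

filter acl ace ip 804 10 ip-protocol-type eq icmp

filter acl ace 804 10 enable

filter acl ace 804 20 name "IGMP_PERMIT"

filter acl ace action 804 20 permit

filter acl ace ethernet 804 20 ether-type eq ip

filter acl ace ip 804 20 ip-protocol-type eq 2

filter acl ace 804 20 enable

filter acl ace 804 30 name "VRRP_PERMIT"

filter acl ace action 804 30 permit

filter acl ace ethernet 804 30 ether-type eq ip

filter acl ace ip 804 30 ip-protocol-type eq vrrp

filter acl ace 804 30 enable

# DNS: the destination port is the only qualifier (no ether-type, protocol or address), so
# anything addressed to the DNS port is permitted to any destination.
filter acl ace 804 40 name "DNS_PERMIT"

filter acl ace action 804 40 permit

filter acl ace protocol 804 40 dst-port eq dns

filter acl ace 804 40 enable

# All IP traffic to 100.20.104.0.
filter acl ace 804 45 name "DC-EXCH-DNS"

filter acl ace action 804 45 permit

filter acl ace ethernet 804 45 ether-type eq ip

filter acl ace ip 804 45 dst-ip eq 100.20.104.0

filter acl ace 804 45 enable

# ACEs 50 and 51 stand in for connection state by matching TCP flags. The match is stateless:
# a segment with the flag set passes whether or not a connection exists.
# NOTE(review): "dst-port eq 1023" names a single port, and the source here is 100.20.174.97
# while ACE 5 uses 100.20.174.96; confirm both values.
filter acl ace 804 50 name "ESTABLISHED RST"

filter acl ace action 804 50 permit

filter acl ace ethernet 804 50 ether-type eq ip

filter acl ace ip 804 50 src-ip eq 100.20.174.97

filter acl ace ip 804 50 ip-protocol-type eq tcp

filter acl ace protocol 804 50 dst-port eq 1023

filter acl ace protocol 804 50 tcp-flags eq rst

filter acl ace 804 50 enable

filter acl ace 804 51 name "ESTABLISHED ACK"

filter acl ace action 804 51 permit

filter acl ace ethernet 804 51 ether-type eq ip

filter acl ace ip 804 51 src-ip eq 100.20.174.97

filter acl ace ip 804 51 ip-protocol-type eq tcp

filter acl ace protocol 804 51 dst-port eq 1023

filter acl ace protocol 804 51 tcp-flags eq ack

filter acl ace 804 51 enable

# HTTP (TCP 80) to 100.20.115.11.
filter acl ace 804 60 name "E-BANK_ERISIM"

filter acl ace action 804 60 permit

filter acl ace ethernet 804 60 ether-type eq ip

filter acl ace ip 804 60 dst-ip eq 100.20.115.11

filter acl ace ip 804 60 ip-protocol-type eq tcp

filter acl ace protocol 804 60 dst-port eq 80

filter acl ace 804 60 enable

# HTTPS (TCP 443) to 100.20.115.11.
filter acl ace 804 70 name "E-BANK_ERISIM_HTTPS"

filter acl ace action 804 70 permit

filter acl ace ethernet 804 70 ether-type eq ip

# ACL id corrected to 804: the listing had 802 here, which would have changed ACE 70 of ACL 802
# and left this ACE permitting TCP 443 to every destination.
filter acl ace ip 804 70 dst-ip eq 100.20.115.11

filter acl ace ip 804 70 ip-protocol-type eq tcp

filter acl ace protocol 804 70 dst-port eq 443

filter acl ace 804 70 enable

# ACEs 80 and 81 permit all IP traffic to a single server each (no protocol or port qualifier).
filter acl ace 804 80 name "FRED_Erisim"

filter acl ace action 804 80 permit

filter acl ace ethernet 804 80 ether-type eq ip

filter acl ace ip 804 80 dst-ip eq 100.20.100.145

filter acl ace 804 80 enable

filter acl ace 804 81 name "BARNEY_Erisim"

filter acl ace action 804 81 permit

filter acl ace ethernet 804 81 ether-type eq ip

filter acl ace ip 804 81 dst-ip eq 100.20.100.151

filter acl ace 804 81 enable

# ACEs 90, 100 and 101 permit TCP 1433 (the Microsoft SQL Server default port) to one server each.
filter acl ace 804 90 name "BUFFY_ERISIM"

filter acl ace action 804 90 permit

filter acl ace ethernet 804 90 ether-type eq ip

filter acl ace ip 804 90 dst-ip eq 100.20.100.77

filter acl ace ip 804 90 ip-protocol-type eq tcp

filter acl ace protocol 804 90 dst-port eq 1433

filter acl ace 804 90 enable

filter acl ace 804 100 name "ROMTest_ERISIM"

filter acl ace action 804 100 permit

filter acl ace ethernet 804 100 ether-type eq ip

filter acl ace ip 804 100 dst-ip eq 100.20.24.77

filter acl ace ip 804 100 ip-protocol-type eq tcp

filter acl ace protocol 804 100 dst-port eq 1433

filter acl ace 804 100 enable

filter acl ace 804 101 name "Mrksql-t0_ERISIM"

filter acl ace action 804 101 permit

filter acl ace ethernet 804 101 ether-type eq ip

filter acl ace ip 804 101 dst-ip eq 100.20.20.77

filter acl ace ip 804 101 ip-protocol-type eq tcp

filter acl ace protocol 804 101 dst-port eq 1433

filter acl ace 804 101 enable

# ACEs 110 and 120 permit all IP traffic to 172.17.1.100 and to 212.57.7.20.
# NOTE(review): 212.57.7.20 is outside the address ranges used elsewhere in this ACL; confirm
# that an any-protocol permit to it is intended.
filter acl ace 804 110 name "ROSETTA_ERISIM"

filter acl ace action 804 110 permit

filter acl ace ethernet 804 110 ether-type eq ip

filter acl ace ip 804 110 dst-ip eq 172.17.1.100

filter acl ace 804 110 enable

filter acl ace 804 120 name "PLAST_ERISIM"

filter acl ace action 804 120 permit

filter acl ace ethernet 804 120 ether-type eq ip

filter acl ace ip 804 120 dst-ip eq 212.57.7.20

filter acl ace 804 120 enable

# ACEs 130-170: management ports 2967 and 9968 over TCP and UDP, with no address qualifier.
filter acl ace 804 130 name "AV-Yama_YONETIM_2967"

filter acl ace action 804 130 permit

filter acl ace ethernet 804 130 ether-type eq ip

filter acl ace ip 804 130 ip-protocol-type eq tcp

filter acl ace protocol 804 130 dst-port eq 2967

filter acl ace 804 130 enable

filter acl ace 804 140 name "AV-Yama_YONETIM_9968"

filter acl ace action 804 140 permit

filter acl ace ethernet 804 140 ether-type eq ip

filter acl ace ip 804 140 ip-protocol-type eq tcp

filter acl ace protocol 804 140 dst-port eq 9968

filter acl ace 804 140 enable

filter acl ace 804 150 name "AV-Yama_YONETIM_UDP_2967"

filter acl ace action 804 150 permit

filter acl ace ethernet 804 150 ether-type eq ip

filter acl ace ip 804 150 ip-protocol-type eq udp

filter acl ace protocol 804 150 dst-port eq 2967

filter acl ace 804 150 enable

# Unlike its neighbours, ACE 160 has no ether-type line.
filter acl ace 804 160 name "AV-Yama_YONETIM_UDP_9968"

filter acl ace action 804 160 permit

filter acl ace ip 804 160 ip-protocol-type eq udp

filter acl ace protocol 804 160 dst-port eq 9968

filter acl ace 804 160 enable

# Matches on the UDP source port only: any datagram sent from port 9968 is permitted, to any
# destination and destination port.
# NOTE(review): a source port is chosen by the sender, so this entry is a weak control;
# confirm whether a destination address can be added.
filter acl ace 804 170 name "AV-Yama_YONETIM_UDP_Source"

filter acl ace action 804 170 permit

filter acl ace ethernet 804 170 ether-type eq ip

filter acl ace ip 804 170 ip-protocol-type eq udp

filter acl ace protocol 804 170 src-port eq 9968

filter acl ace 804 170 enable

# Proxy access: TCP 8080 to 100.20.189.0.
filter acl ace 804 210 name "PROXY_ERISIM_EK"

filter acl ace action 804 210 permit

filter acl ace ethernet 804 210 ether-type eq ip

filter acl ace ip 804 210 dst-ip eq 100.20.189.0

filter acl ace ip 804 210 ip-protocol-type eq tcp

filter acl ace protocol 804 210 dst-port eq 8080

filter acl ace 804 210 enable

# Redirect entry: matching traffic is sent to next hop 100.20.150.217.
# There is no "enable" line for ACE 220, so as listed it is configured but presumably inactive.
filter acl ace 804 220 name "LOGLAMA"

filter acl ace action 804 220 permit redirect-next-hop 100.20.150.217

filter acl ace ethernet 804 220 ether-type eq ip

filter acl ace ip 804 220 src-ip eq 0.0.0.0

# Clean-up entry: drops traffic that matched none of the ACEs above.
filter acl ace 804 230 name "DENY_ANY"

filter acl ace action 804 230 deny

filter acl ace ip 804 230 src-ip eq 0.0.0.0

filter acl ace ip 804 230 dst-ip eq 0.0.0.0

filter acl ace 804 230 enable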

# ACL 805 "SBS-Remote": ingress filter bound to VLAN 805.
# Permit entries followed by the DENY_ANY_ANY clean-up entry.
filter acl 805 type inVlan name "SBS-Remote"

filter acl vlan 805 805

# All IP traffic to 100.20.174.128.
filter acl ace 805 5 name "SBS-to-SBS"

filter acl ace action 805 5 permit

filter acl ace ethernet 805 5 ether-type eq ip

filter acl ace ip 805 5 dst-ip eq 100.20.174.128

filter acl ace 805 5 enable

# ACEs 10-30 permit the control protocols ICMP, IGMP (IP protocol 2) and VRRP from any source.
filter acl ace 805 10 name "ICMP_PERMIT"

filter acl ace action 805 10 permit

filter acl ace ethernet 805 10 ether-type eq ip

filter acl ace ip 805 10 ip-protocol-type eq icmp

filter acl ace 805 10 enable

filter acl ace 805 20 name "IGMP_PERMIT"

filter acl ace action 805 20 permit

filter acl ace ethernet 805 20 ether-type eq ip

filter acl ace ip 805 20 ip-protocol-type eq 2

filter acl ace 805 20 enable

filter acl ace 805 30 name "VRRP_PERMIT"

filter acl ace action 805 30 permit

filter acl ace ethernet 805 30 ether-type eq ip

filter acl ace ip 805 30 ip-protocol-type eq vrrp

filter acl ace 805 30 enable

# DNS: destination port 53 is the only qualifier (no ether-type, protocol or address), so
# anything addressed to port 53 is permitted to any destination.
filter acl ace 805 40 name "DNS_PERMIT"

filter acl ace action 805 40 permit

filter acl ace protocol 805 40 dst-port eq 53

filter acl ace 805 40 enable

# ACEs 50 and 51 stand in for connection state by matching TCP flags. The match is stateless:
# a segment with the flag set passes whether or not a connection exists.
# NOTE(review): "dst-port eq 1023" names a single port; if return traffic to the ephemeral
# port range was intended, confirm the operator.
filter acl ace 805 50 name "ESTABLISHED RST"

filter acl ace action 805 50 permit

filter acl ace ethernet 805 50 ether-type eq ip

filter acl ace ip 805 50 src-ip eq 100.20.174.128

filter acl ace ip 805 50 ip-protocol-type eq tcp

filter acl ace protocol 805 50 dst-port eq 1023

filter acl ace protocol 805 50 tcp-flags eq rst

filter acl ace 805 50 enable

filter acl ace 805 51 name "ESTABLISHED ACK"

filter acl ace action 805 51 permit

filter acl ace ethernet 805 51 ether-type eq ip

filter acl ace ip 805 51 src-ip eq 100.20.174.128

filter acl ace ip 805 51 ip-protocol-type eq tcp

filter acl ace protocol 805 51 dst-port eq 1023

filter acl ace protocol 805 51 tcp-flags eq ack

filter acl ace 805 51 enable

# All IP traffic to 100.20.104.0 (no protocol or port qualifier).
filter acl ace 805 80 name "DC_DNS_EXCH_PERMIT"

filter acl ace action 805 80 permit

filter acl ace ethernet 805 80 ether-type eq ip

filter acl ace ip 805 80 dst-ip eq 100.20.104.0

filter acl ace 805 80 enable

# ACEs 90, 100 and 105 have neither src-ip nor dst-ip: TCP 80, 443 and 3389 are permitted
# from any source to any destination.
# NOTE(review): confirm that unrestricted remote desktop (3389) is intended for this VLAN.
filter acl ace 805 90 name "HTTP_PERMIT"

filter acl ace action 805 90 permit

filter acl ace ethernet 805 90 ether-type eq ip

filter acl ace ip 805 90 ip-protocol-type eq tcp

filter acl ace protocol 805 90 dst-port eq 80

filter acl ace 805 90 enable

filter acl ace 805 100 name "HTTPS_PERMIT"

filter acl ace action 805 100 permit

filter acl ace ethernet 805 100 ether-type eq ip

filter acl ace ip 805 100 ip-protocol-type eq tcp

filter acl ace protocol 805 100 dst-port eq 443

filter acl ace 805 100 enable

filter acl ace 805 105 name "REMDESKTOP_PERMIT"

filter acl ace action 805 105 permit

filter acl ace ethernet 805 105 ether-type eq ip

filter acl ace ip 805 105 ip-protocol-type eq tcp

filter acl ace protocol 805 105 dst-port eq 3389

filter acl ace 805 105 enable

# Proxy access: TCP 8080 to 100.20.189.0.
filter acl ace 805 110 name "PROXY_8080_PERMIT"

filter acl ace action 805 110 permit

filter acl ace ethernet 805 110 ether-type eq ip

filter acl ace ip 805 110 dst-ip eq 100.20.189.0

filter acl ace ip 805 110 ip-protocol-type eq tcp

filter acl ace protocol 805 110 dst-port eq 8080

filter acl ace 805 110 enable

# Ports 445 and 6129 from 100.20.174.128 to any destination; no ip-protocol-type is set.
# NOTE(review): port 445 is also the SMB file-sharing port, so this entry opens more than the
# remote-control tool its name refers to; confirm whether a dst-ip can be added.
filter acl ace 805 120 name "DAMEWARE_PERMIT"

filter acl ace action 805 120 permit

filter acl ace ethernet 805 120 ether-type eq ip

filter acl ace ip 805 120 src-ip eq 100.20.174.128

filter acl ace protocol 805 120 dst-port eq 445,6129

filter acl ace 805 120 enable

# Clean-up entry: drops IP traffic that matched none of the ACEs above.
filter acl ace 805 140 name "DENY_ANY_ANY"

filter acl ace action 805 140 deny

filter acl ace ethernet 805 140 ether-type eq ip

filter acl ace ip 805 140 src-ip eq 0.0.0.0

filter acl ace ip 805 140 dst-ip eq 0.0.0.0

filter acl ace 805 140 enable

# ACL 1000 "CS1K-RemDesk": ingress filter bound to port 1/33.
# As listed, the enabled entries permit only ICMP and the flag-matched TCP segments; the
# clean-up entry drops the rest.
filter acl 1000 type inPort name "CS1K-RemDesk"

filter acl port 1000 1/33

filter acl ace 1000 10 name "ICMP"

filter acl ace action 1000 10 permit

filter acl ace ethernet 1000 10 ether-type eq ip

filter acl ace ip 1000 10 ip-protocol-type eq icmp

filter acl ace 1000 10 enable

# ACEs 15 and 16 stand in for connection state by matching TCP flags. The match is stateless:
# a segment with the flags set passes whether or not a connection exists.
# NOTE(review): neither ACE sets "ip-protocol-type eq tcp", ACE 15 matches "rst,ack" where the
# VLAN ACLs on this page match "rst", and "dst-port eq 1023" names a single port; confirm all three.
filter acl ace 1000 15 name "ESTABLISHED_PERMIT RST"

filter acl ace action 1000 15 permit

filter acl ace ethernet 1000 15 ether-type eq ip

filter acl ace protocol 1000 15 dst-port eq 1023

filter acl ace protocol 1000 15 tcp-flags eq rst,ack

filter acl ace 1000 15 enable

filter acl ace 1000 16 name "ESTABLISHED_PERMIT ACK"

filter acl ace action 1000 16 permit

filter acl ace ethernet 1000 16 ether-type eq ip

filter acl ace protocol 1000 16 dst-port eq 1023

filter acl ace protocol 1000 16 tcp-flags eq ack

filter acl ace 1000 16 enable

# Redirect entry: matching traffic is sent to next hop 10.201.12.8.
# There is no "enable" line for ACE 20, so as listed it is configured but presumably inactive.
filter acl ace 1000 20 name "LOGLAMAK_ICIN"

filter acl ace action 1000 20 permit redirect-next-hop 10.201.12.8

filter acl ace ethernet 1000 20 ether-type eq ip

filter acl ace ip 1000 20 src-ip eq 0.0.0.0

# Clean-up entry: drops IP traffic that matched none of the ACEs above. Only src-ip is
# matched here; the other clean-up entries on this page also match dst-ip.
filter acl ace 1000 30 name "DENY-ANY_ANY"

filter acl ace action 1000 30 deny

filter acl ace ethernet 1000 30 ether-type eq ip

filter acl ace ip 1000 30 src-ip eq 0.0.0.0

filter acl ace 1000 30 enable

# ACL 1802, bound to VLAN 802.
# NOTE(review): the listing shows no "filter acl 1802 type ... name ..." line, so the ACL's
# direction is not stated here; confirm against the device.
# The ACL is set to "disable" below, so as listed its ACEs are configured but presumably not
# applied to traffic until the ACL is enabled again.
filter acl vlan 1802 802

filter acl 1802 disable

# ACEs 10-30 permit the control protocols ICMP, IGMP (IP protocol 2) and VRRP from any source.
filter acl ace 1802 10 name "ICMP_PERMIT"

filter acl ace action 1802 10 permit

filter acl ace ethernet 1802 10 ether-type eq ip

filter acl ace ip 1802 10 ip-protocol-type eq icmp

filter acl ace 1802 10 enable

filter acl ace 1802 20 name "IGMP_PERMIT"

filter acl ace action 1802 20 permit

filter acl ace ethernet 1802 20 ether-type eq ip

filter acl ace ip 1802 20 ip-protocol-type eq 2

filter acl ace 1802 20 enable

filter acl ace 1802 30 name "VRRP_PERMIT"

filter acl ace action 1802 30 permit

filter acl ace ethernet 1802 30 ether-type eq ip

filter acl ace ip 1802 30 ip-protocol-type eq vrrp

filter acl ace 1802 30 enable

# Permits every UDP datagram: no address or port qualifier.
# NOTE(review): this is the broadest entry in the ACL; confirm that all UDP is required.
filter acl ace 1802 51 name "UDP_Permit"

filter acl ace action 1802 51 permit

filter acl ace ethernet 1802 51 ether-type eq ip

filter acl ace ip 1802 51 ip-protocol-type eq udp

filter acl ace 1802 51 enable

# Destination port 2011 from 100.20.174.32; no ip-protocol-type is set on this ACE.
filter acl ace 1802 60 name "NICE_Logging"

filter acl ace action 1802 60 permit

filter acl ace ethernet 1802 60 ether-type eq ip

filter acl ace ip 1802 60 src-ip eq 100.20.174.32

filter acl ace protocol 1802 60 dst-port eq 2011

filter acl ace 1802 60 enable

# NOTE(review): ACE 65 has a name and a permit action but no match criteria and no "enable"
# line. As listed it looks unfinished; if it were enabled without qualifiers it would
# presumably permit everything that reaches it. Confirm before use.
filter acl ace 1802 65 name "RTS_Conn"

filter acl ace action 1802 65 permit

# Clean-up entry: drops IP traffic that matched none of the ACEs above.
filter acl ace 1802 100 name "DENY_ANY"

filter acl ace action 1802 100 deny

filter acl ace ethernet 1802 100 ether-type eq ip

filter acl ace ip 1802 100 src-ip eq 0.0.0.0

filter acl ace ip 1802 100 dst-ip eq 0.0.0.0

filter acl ace 1802 100 enable

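# ACL 1804, bound to VLAN 804.
# NOTE(review): the listing shows no "filter acl 1804 type ... name ..." line, so the ACL's
# direction is not stated here. Most entries match src-ip where ACL 804 matches dst-ip, which
# suggests this is the return-direction counterpart; confirm against the device.
filter acl vlan 1804 804

# All IP traffic from 100.20.174.96.
filter acl ace 1804 5 name "BASIM_to_BASIM"

filter acl ace action 1804 5 permit

filter acl ace ethernet 1804 5 ether-type eq ip

filter acl ace ip 1804 5 src-ip eq 100.20.174.96

filter acl ace 1804 5 enable

# ACEs 10-30 permit the control protocols ICMP, IGMP (IP protocol 2) and VRRP from any source.
filter acl ace 1804 10 name "ICMP_PERMIT"

filter acl ace action 1804 10 permit

filter acl ace ethernet 1804 10 ether-type eq ip

filter acl ace ip 1804 10 ip-protocol-type eq icmp

filter acl ace 1804 10 enable

filter acl ace 1804 20 name "IGMP_PERMIT"

filter acl ace action 1804 20 permit

filter acl ace ethernet 1804 20 ether-type eq ip

filter acl ace ip 1804 20 ip-protocol-type eq 2

filter acl ace 1804 20 enable

filter acl ace 1804 30 name "VRRP_PERMIT"

filter acl ace action 1804 30 permit

filter acl ace ethernet 1804 30 ether-type eq ip

filter acl ace ip 1804 30 ip-protocol-type eq vrrp

filter acl ace 1804 30 enable

# Matches on source port 53 only (no ether-type, protocol or address qualifier).
# NOTE(review): a source port is chosen by the sender, so any packet sent from port 53 passes
# this entry; confirm whether the DNS server addresses can be added as src-ip.
filter acl ace 1804 40 name "DNS_PERMIT"

filter acl ace action 1804 40 permit

filter acl ace protocol 1804 40 src-port eq 53

filter acl ace 1804 40 enable

# All IP traffic from 100.20.104.0.
filter acl ace 1804 45 name "DC-EXCH-DNS"

filter acl ace action 1804 45 permit

filter acl ace ethernet 1804 45 ether-type eq ip

filter acl ace ip 1804 45 src-ip eq 100.20.104.0

filter acl ace 1804 45 enable

# ACEs 50 and 51 stand in for connection state by matching TCP flags. The match is stateless:
# a segment with the flag set passes whether or not a connection exists.
# NOTE(review): "eq 1023" names a single port, and the keyword is "tcp-dst-port" here but
# "dst-port" in the other ACEs of this ACL; confirm which form the software release accepts.
filter acl ace 1804 50 name "ESTABLISHED RST"

filter acl ace action 1804 50 permit

filter acl ace ethernet 1804 50 ether-type eq ip

filter acl ace ip 1804 50 dst-ip eq 100.20.174.97

filter acl ace ip 1804 50 ip-protocol-type eq tcp

filter acl ace protocol 1804 50 tcp-dst-port eq 1023

filter acl ace protocol 1804 50 tcp-flags eq rst

filter acl ace 1804 50 enable

filter acl ace 1804 51 name "ESTABLISHED ACK"

filter acl ace action 1804 51 permit

filter acl ace ethernet 1804 51 ether-type eq ip

filter acl ace ip 1804 51 dst-ip eq 100.20.174.97

filter acl ace ip 1804 51 ip-protocol-type eq tcp

filter acl ace protocol 1804 51 tcp-dst-port eq 1023

filter acl ace protocol 1804 51 tcp-flags eq ack

filter acl ace 1804 51 enable

# ACEs 80, 110 and 120 permit all IP traffic from a single source each (no protocol or port).
filter acl ace 1804 80 name "PWC_ERISIM"

filter acl ace action 1804 80 permit

filter acl ace ethernet 1804 80 ether-type eq ip

filter acl ace ip 1804 80 src-ip eq 100.20.100.145

filter acl ace 1804 80 enable

filter acl ace 1804 110 name "ROSETTA_ERISIM"

filter acl ace action 1804 110 permit

filter acl ace ethernet 1804 110 ether-type eq ip

filter acl ace ip 1804 110 src-ip eq 172.17.1.100

filter acl ace 1804 110 enable

# NOTE(review): 212.57.7.20 is outside the address ranges used elsewhere in this ACL; confirm
# that an any-protocol permit from it is intended.
filter acl ace 1804 120 name "PLAST_ERISIM"

filter acl ace action 1804 120 permit

filter acl ace ethernet 1804 120 ether-type eq ip

filter acl ace ip 1804 120 src-ip eq 212.57.7.20

filter acl ace 1804 120 enable

# ACEs 130-160: management ports 9968 and 2967 over TCP and UDP, with no address qualifier.
filter acl ace 1804 130 name "AV-Yama_YONETIM_9968"

filter acl ace action 1804 130 permit

filter acl ace ethernet 1804 130 ether-type eq ip

filter acl ace ip 1804 130 ip-protocol-type eq tcp

filter acl ace protocol 1804 130 dst-port eq 9968

filter acl ace 1804 130 enable

filter acl ace 1804 140 name "AV-Yama_YONETIM_2967"

filter acl ace action 1804 140 permit

filter acl ace ethernet 1804 140 ether-type eq ip

filter acl ace ip 1804 140 ip-protocol-type eq tcp

filter acl ace protocol 1804 140 dst-port eq 2967

filter acl ace 1804 140 enable

filter acl ace 1804 150 name "AV-Yama_YONETIM_UDP_9968"

filter acl ace action 1804 150 permit

filter acl ace ethernet 1804 150 ether-type eq ip

# ACL id corrected to 1804: the listing had 1840 here, which left this ACE without its UDP
# match.
filter acl ace ip 1804 150 ip-protocol-type eq udp

filter acl ace protocol 1804 150 dst-port eq 9968

filter acl ace 1804 150 enable

filter acl ace 1804 160 name "AV-Yama_YONETIM_UDP_2967"

filter acl ace action 1804 160 permit

filter acl ace ethernet 1804 160 ether-type eq ip

# Keyword corrected to "ace": the listing had "filter acl acl ip" here.
filter acl ace ip 1804 160 ip-protocol-type eq udp

filter acl ace protocol 1804 160 dst-port eq 2967

filter acl ace 1804 160 enable

# Remote desktop (TCP 3389) from the single management source 100.20.150.80.
filter acl ace 1804 180 name "SUNUCU_YONETIM"

filter acl ace action 1804 180 permit

filter acl ace ethernet 1804 180 ether-type eq ip

filter acl ace ip 1804 180 src-ip eq 100.20.150.80

filter acl ace ip 1804 180 ip-protocol-type eq tcp

filter acl ace protocol 1804 180 dst-port eq 3389

filter acl ace 1804 180 enable

# ACEs 200 and 210 share one name and permit TCP 445 (SMB) from 100.20.114.0 and 100.20.24.0.
filter acl ace 1804 200 name "OTOMIZE_DEBIT_CARD_OPS"

filter acl ace action 1804 200 permit

filter acl ace ethernet 1804 200 ether-type eq ip

filter acl ace ip 1804 200 src-ip eq 100.20.114.0

filter acl ace ip 1804 200 ip-protocol-type eq tcp

filter acl ace protocol 1804 200 dst-port eq 445

filter acl ace 1804 200 enable

filter acl ace 1804 210 name "OTOMIZE_DEBIT_CARD_OPS"

filter acl ace action 1804 210 permit

filter acl ace ethernet 1804 210 ether-type eq ip

filter acl ace ip 1804 210 src-ip eq 100.20.24.0

filter acl ace ip 1804 210 ip-protocol-type eq tcp

filter acl ace protocol 1804 210 dst-port eq 445

filter acl ace 1804 210 enable

# NOTE(review): unlike the LOGLAMA entries in the other ACLs on this page, this one is a plain
# permit (no redirect-next-hop) and it IS enabled. It matches "src-ip eq 0.0.0.0", the same
# value the DENY_ANY entry below uses as its catch-all. If that value matches every source,
# ACE 220 permits all IP traffic and ACE 230 never matches; confirm the intent and, if the
# entry is meant for logging only, leave it disabled.
filter acl ace 1804 220 name "LOGLAMA"

filter acl ace action 1804 220 permit

filter acl ace ethernet 1804 220 ether-type eq ip

filter acl ace ip 1804 220 src-ip eq 0.0.0.0

filter acl ace 1804 220 enable

# Clean-up entry: drops IP traffic that matched none of the ACEs above.
filter acl ace 1804 230 name "DENY_ANY"

filter acl ace action 1804 230 deny

filter acl ace ethernet 1804 230 ether-type eq ip

filter acl ace ip 1804 230 src-ip eq 0.0.0.0

filter acl ace ip 1804 230 dst-ip eq 0.0.0.0

filter acl ace 1804 230 enable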

The following section shows the filter configuration for the second core Layer 3 host.

#

# FILTER CONFIGURATION

#

# ACL 1, bound to port 1/46: a single entry that drops VRRP packets.
# NOTE(review): no "filter acl 1 type ... name ..." line is listed for this host, so the
# ACL's direction is not stated here; the first Layer 2 host defines its ACL 1 as type
# outPort. Confirm against the device.
filter acl port 1 1/46

filter acl ace 1 1 name "Vrrp"

filter acl ace action 1 1 deny

filter acl ace ethernet 1 1 ether-type eq ip

filter acl ace ip 1 1 ip-protocol-type eq vrrp

filter acl ace 1 1 enable

# ACL 171 "TOPLANTI_VE_EGITIM_ACL": ingress filter bound to VLAN 171.
# The ACL is set to "disable" below, so as listed its ACEs are configured but presumably not
# applied to traffic until the ACL is enabled again.
# NOTE(review): this ACL has no DENY_ANY clean-up entry. Traffic that matches none of the
# permits falls to the ACL's default action, which this listing does not show; confirm that
# the default is to drop.
filter acl 171 type inVlan name "TOPLANTI_VE_EGITIM_ACL"

filter acl vlan 171 171

filter acl 171 disable

# ACEs 10-30 permit the control protocols ICMP, IGMP (IP protocol 2) and VRRP from any source.
filter acl ace 171 10 name "ICMP_PERMIT"

filter acl ace action 171 10 permit

filter acl ace ethernet 171 10 ether-type eq ip

filter acl ace ip 171 10 ip-protocol-type eq icmp

filter acl ace 171 10 enable

filter acl ace 171 20 name "IGMP_PERMIT"

filter acl ace action 171 20 permit

filter acl ace ethernet 171 20 ether-type eq ip

filter acl ace ip 171 20 ip-protocol-type eq 2

filter acl ace 171 20 enable

filter acl ace 171 30 name "VRRP_PERMIT"

filter acl ace action 171 30 permit

filter acl ace ethernet 171 30 ether-type eq ip

filter acl ace ip 171 30 ip-protocol-type eq vrrp

filter acl ace 171 30 enable

# DNS from 100.20.171.0 to 100.20.104.0; no ip-protocol-type is set on this ACE.
filter acl ace 171 40 name "DNS_PERMIT"

filter acl ace action 171 40 permit

filter acl ace ethernet 171 40 ether-type eq ip

filter acl ace ip 171 40 src-ip eq 100.20.171.0

filter acl ace ip 171 40 dst-ip eq 100.20.104.0

filter acl ace protocol 171 40 dst-port eq dns

filter acl ace 171 40 enable

# ACEs 50 and 51 stand in for connection state by matching TCP flags. The match is stateless:
# a segment with the flag set passes whether or not a connection exists.
# NOTE(review): three details differ from the other ACLs on this page and should be confirmed:
# the source is 100.6.172.0 (ACE 40 uses 100.20.171.0), the keyword is "flags" where the
# others use "tcp-flags", and "dst-port eq 1023" names a single port.
filter acl ace 171 50 name "ESTABLISHED RST"

filter acl ace action 171 50 permit

filter acl ace ethernet 171 50 ether-type eq ip

filter acl ace ip 171 50 src-ip eq 100.6.172.0

filter acl ace ip 171 50 ip-protocol-type eq tcp

filter acl ace protocol 171 50 dst-port eq 1023

filter acl ace protocol 171 50 flags eq rst

filter acl ace 171 50 enable

filter acl ace 171 51 name "ESTABLISHED ACK"

filter acl ace action 171 51 permit

filter acl ace ethernet 171 51 ether-type eq ip

filter acl ace ip 171 51 src-ip eq 100.6.172.0

filter acl ace ip 171 51 ip-protocol-type eq tcp

filter acl ace protocol 171 51 dst-port eq 1023

filter acl ace protocol 171 51 flags eq ack

filter acl ace 171 51 enable

# DHCP: matches on the destination port alone (no ether-type, protocol or address qualifier).
filter acl ace 171 60 name "DHCP_PERMIT"

filter acl ace action 171 60 permit

filter acl ace protocol 171 60 dst-port eq bootpServer

filter acl ace 171 60 enable

# NOTE(review): ACEs 80-130 match src-ip 100.20.172.0, the address used by ACL 172, while
# ACE 40 of this ACL matches 100.20.171.0. If VLAN 171 hosts use 100.20.171.x, these permits
# would not match their traffic; confirm the intended source.
# ACE 80: all IP traffic from that source to 100.20.104.0.
filter acl ace 171 80 name "DC_DNS_EXC_PERMIT"

filter acl ace action 171 80 permit

filter acl ace ethernet 171 80 ether-type eq ip

filter acl ace ip 171 80 src-ip eq 100.20.172.0

filter acl ace ip 171 80 dst-ip eq 100.20.104.0

filter acl ace 171 80 enable

# ACEs 90-130 set a destination port without "ip-protocol-type eq tcp"; the corresponding
# ACEs of ACL 172 do set it.
filter acl ace 171 90 name "HTTP_PERMIT"

filter acl ace action 171 90 permit

filter acl ace ethernet 171 90 ether-type eq ip

filter acl ace ip 171 90 src-ip eq 100.20.172.0

filter acl ace protocol 171 90 dst-port eq 80

filter acl ace 171 90 enable

filter acl ace 171 100 name "HTTPS_PERMIT"

filter acl ace action 171 100 permit

filter acl ace ethernet 171 100 ether-type eq ip

filter acl ace ip 171 100 src-ip eq 100.20.172.0

filter acl ace protocol 171 100 dst-port eq 443

filter acl ace 171 100 enable

filter acl ace 171 110 name "PROXY_8080_PERMIT"

filter acl ace action 171 110 permit

filter acl ace ethernet 171 110 ether-type eq ip

filter acl ace ip 171 110 src-ip eq 100.20.172.0

filter acl ace ip 171 110 dst-ip eq 100.20.189.0

filter acl ace protocol 171 110 dst-port eq 8080

filter acl ace 171 110 enable

# NOTE(review): two "dst-port eq" lines are applied to the same ACE. Whether the second
# replaces the first or both are kept is not shown here; ACL 172 uses separate TCP and UDP
# ACEs for ports 1494 and 1604. Confirm the resulting match on the device.
filter acl ace 171 120 name "CITRIX_Conn"

filter acl ace action 171 120 permit

filter acl ace ethernet 171 120 ether-type eq ip

filter acl ace protocol 171 120 dst-port eq 1494

filter acl ace protocol 171 120 dst-port eq 1604

filter acl ace 171 120 enable

filter acl ace 171 130 name "PWC_VPN_ERISIM"

filter acl ace action 171 130 permit

filter acl ace ethernet 171 130 ether-type eq ip

filter acl ace ip 171 130 src-ip eq 100.20.172.0

filter acl ace protocol 171 130 dst-port eq 11160

filter acl ace 171 130 enable

# ACEs 140 and 150 share one name and permit ports 135-139 and 445 with no ether-type,
# protocol or address qualifier.
# NOTE(review): these are the Windows RPC/NetBIOS/SMB ports, opened to every destination;
# confirm whether the file servers can be named with dst-ip.
filter acl ace 171 140 name "Microsoft_FileSharing_PERMIT"

filter acl ace action 171 140 permit

filter acl ace protocol 171 140 dst-port eq 135-139

filter acl ace 171 140 enable

# NOTE(review): this is the only name line on the page that carries the "create" keyword;
# confirm that the software release accepts it in this form.
filter acl ace 171 150 create name "Microsoft_FileSharing_PERMIT"

filter acl ace action 171 150 permit

filter acl ace protocol 171 150 dst-port eq 445

filter acl ace 171 150 enable

filter acl 172 type inVlan name "MISAFIR_ACL"

filter acl vlan 172 172

filter acl 172 disable

filter acl ace 172 5 name "Misafir_to_Misafir"

filter acl ace action 172 5 permit

filter acl ace ethernet 172 5 ether-type eq ip

filter acl ace ip 172 5 dst-ip eq 100.20.172.0

filter acl ace 172 5 enable

filter acl ace 172 10 name "ICMP_PERMIT"

filter acl ace action 172 10 permit

filter acl ace ethernet 172 10 ether-type eq ip

filter acl ace ip 172 10 ip-protocol-type eq icmp

filter acl ace 172 10 enable

filter acl ace 172 20 name "IGMP_PERMIT"

filter acl ace action 172 20 permit

filter acl ace ethernet 172 20 ether-type eq ip

filter acl ace ip 172 20 ip-protocol-type eq 2

filter acl ace 172 20 enable

filter acl ace 172 30 name "VRRP_PERMIT"

filter acl ace action 172 30 permit

filter acl ace ethernet 172 30 ether-type eq ip

filter acl ace ip 172 30 ip-protocol-type eq vrrp

filter acl ace 172 30 enable

filter acl ace 172 40 name "DNS_PERMIT"

filter acl ace action 172 40 permit

filter acl ace ethernet 172 40 ether-type eq ip

filter acl ace ip 172 40 src-ip eq 100.20.172.0

filter acl ace ip 172 40 dst-ip eq 100.20.104.0

filter acl ace protocol 172 40 dst-port eq dns

filter acl ace 172 40 enable

filter acl ace 172 50 name "ESTABLISHED RST"

filter acl ace action 172 50 permit

filter acl ace ethernet 172 50 ether-type eq ip

filter acl ace ip 172 50 src-ip eq 100.20.172.0

filter acl ace ip 172 50 ip-protocol-type eq tcp

filter acl ace protocol 172 50 dst-port eq 1023

filter acl ace protocol 172 50 tcp-flags eq ack

filter acl ace 172 50 enable

filter acl ace 172 51 name "ESTABLISHED ACK"

filter acl ace action 172 51 permit

filter acl ace ethernet 172 51 ether-type eq ip

filter acl ace ip 172 51 src-ip eq 100.20.172.0

filter acl ace ip 172 51 ip-protocol-type eq tcp

filter acl ace protocol 172 51 dst-port eq 1023

filter acl ace protocol 172 51 tcp-flags eq ack

filter acl ace 172 51 enable

filter acl ace 172 60 name "DHCP_PERMIT"

filter acl ace action 172 60 permit

filter acl ace protocol 172 60 dst-port eq bootpServer

filter acl ace 172 60 enable

filter acl ace 172 80 name "DC_DNS_EXC_PERMIT"

filter acl ace action 172 80 permit

filter acl ace ethernet 172 80 ether-type eq ip

filter acl ace ip 172 80 src-ip eq 100.20.172.0

filter acl ace ip 172 80 dst-ip eq 100.20.104.0

filter acl ace 172 80 enable

filter acl ace 172 90 name "HTTP_PERMIT"

filter acl ace action 172 90 permit

filter acl ace ethernet 172 90 ether-type eq ip

filter acl ace ip 172 90 src-ip eq 100.20.172.0

filter acl ace ip 172 90 ip-protocol-type eq tcp

filter acl ace protocol 172 90 dst-port eq 80

filter acl ace 172 100 name "HTTPS_PERMIT"

filter acl ace action 172 100 permit

filter acl ace ethernet 172 100 ether-type eq ip

filter acl ace ip 172 100 src-ip eq 100.20.172.0

filter acl ace ip 172 100 ip-protocol-type eq tcp

filter acl ace protocol 172 100 dst-port eq 443

filter acl ace 172 100 enable

filter acl ace 172 105 name "REMDESKTOP_PERMIT"

filter acl ace action 172 105 permit

filter acl ace ethernet 172 105 ether-type eq ip

filter acl ace ip 172 105 src-ip eq 100.20.172.0

filter acl ace ip 172 105 ip-protocol-type eq tcp

filter acl ace protocol 172 105 dst-port eq 3389

filter acl ace 172 105 enable

filter acl ace 172 106 name "NORKOM_PERMIT"

filter acl ace action 172 106 permit

filter acl ace ethernet 172 106 ether-type eq ip

filter acl ace ip 172 106 src-ip eq 100.20.172.0

filter acl ace ip 172 106 dst-ip eq 100.6.106.0

filter acl ace 172 106 enable

# ACE 172/107 "SPECTRUM_PERMIT": permit all IP traffic from 100.20.172.0 to
# 100.20.17.0; no protocol or port is constrained.
filter acl ace 172 107 name "SPECTRUM_PERMIT"

filter acl ace action 172 107 permit

filter acl ace ethernet 172 107 ether-type eq ip

filter acl ace ip 172 107 src-ip eq 100.20.172.0

filter acl ace ip 172 107 dst-ip eq 100.20.17.0

filter acl ace 172 107 enable

# ACE 172/110 "PROXY_8080_PERMIT": permit TCP to destination port 8080 from
# 100.20.172.0 to 100.20.189.0 (source, destination, protocol and port all set).
filter acl ace 172 110 name "PROXY_8080_PERMIT"

filter acl ace action 172 110 permit

filter acl ace ethernet 172 110 ether-type eq ip

filter acl ace ip 172 110 src-ip eq 100.20.172.0

filter acl ace ip 172 110 dst-ip eq 100.20.189.0

filter acl ace ip 172 110 ip-protocol-type eq tcp

filter acl ace protocol 172 110 dst-port eq 8080

filter acl ace 172 110 enable

# ACE 172/120 "CITRIX_Conn-tcp": permit TCP to destination port 1494.
# Neither src-ip nor dst-ip is set, so any source and destination match.
filter acl ace 172 120 name "CITRIX_Conn-tcp"

filter acl ace action 172 120 permit

filter acl ace ethernet 172 120 ether-type eq ip

filter acl ace ip 172 120 ip-protocol-type eq tcp

filter acl ace protocol 172 120 dst-port eq 1494

filter acl ace 172 120 enable

# ACE 172/121 "CITRIX_Conn-udp": permit UDP to destination port 1604.
# Neither src-ip nor dst-ip is set, so any source and destination match.
filter acl ace 172 121 name "CITRIX_Conn-udp"

filter acl ace action 172 121 permit

filter acl ace ethernet 172 121 ether-type eq ip

filter acl ace ip 172 121 ip-protocol-type eq udp

filter acl ace protocol 172 121 dst-port eq 1604

filter acl ace 172 121 enable

# ACE 172/128 "VOIP_VLAN_PERMIT": permit all IP traffic from 100.20.172.0 to
# 10.201.0.0; no protocol or port is constrained.
# NOTE(review): 10.201.0.0 is written without a mask; presumably the VoIP network
# range -- confirm its extent.
filter acl ace 172 128 name "VOIP_VLAN_PERMIT"

filter acl ace action 172 128 permit

filter acl ace ethernet 172 128 ether-type eq ip

filter acl ace ip 172 128 src-ip eq 100.20.172.0

filter acl ace ip 172 128 dst-ip eq 10.201.0.0

filter acl ace 172 128 enable

# ACE 172/129 "GANYMEDE_PERMIT": permit all IP traffic from 100.20.172.0 to
# 100.6.100.225; no protocol or port is constrained.
filter acl ace 172 129 name "GANYMEDE_PERMIT"

filter acl ace action 172 129 permit

filter acl ace ethernet 172 129 ether-type eq ip

filter acl ace ip 172 129 src-ip eq 100.20.172.0

filter acl ace ip 172 129 dst-ip eq 100.6.100.225

filter acl ace 172 129 enable

# ACE 172/130 "PWC_VPN_ERISIM": permit TCP to destination port 11160 from
# 100.20.172.0; no dst-ip is set, so any destination address matches.
filter acl ace 172 130 name "PWC_VPN_ERISIM"

filter acl ace action 172 130 permit

filter acl ace ethernet 172 130 ether-type eq ip

filter acl ace ip 172 130 src-ip eq 100.20.172.0

filter acl ace ip 172 130 ip-protocol-type eq tcp

filter acl ace protocol 172 130 dst-port eq 11160

filter acl ace 172 130 enable

# ACE 172/131 "ISAKMP": permit UDP to destination port 500, any source and
# destination address.
filter acl ace 172 131 name "ISAKMP"

filter acl ace action 172 131 permit

filter acl ace ethernet 172 131 ether-type eq ip

filter acl ace ip 172 131 ip-protocol-type eq udp

filter acl ace protocol 172 131 dst-port eq 500

filter acl ace 172 131 enable

# ACE 172/132 "ESP": permit IP protocol number 50 (ESP), any source and
# destination address.
filter acl ace 172 132 name "ESP"

filter acl ace action 172 132 permit

filter acl ace ethernet 172 132 ether-type eq ip

filter acl ace ip 172 132 ip-protocol-type eq 50

filter acl ace 172 132 enable

# ACE 172/133 "LOGLAMAK_ICIN": permit IP traffic from host 100.20.172.72 and
# redirect it to next hop 100.20.150.34.
# NOTE(review): no "enable" line follows for this ACE in the listing. If ACEs stay
# inactive until enabled, this redirect is not in effect -- confirm whether that
# is intentional before relying on it for logging.
filter acl ace 172 133 name "LOGLAMAK_ICIN"

filter acl ace action 172 133 permit redirect-next-hop 100.20.150.34

filter acl ace ethernet 172 133 ether-type eq ip

filter acl ace ip 172 133 src-ip eq 100.20.172.72

# ACE 172/140 "DENY_ANY_ANY": clean-up entry that denies IP traffic with src-ip and
# dst-ip both given as 0.0.0.0.
# NOTE(review): this only works as a catch-all if the platform treats 0.0.0.0 as
# "any address" -- confirm. The ether-type match is ip, so non-IP frames are not
# covered by this ACE.
filter acl ace 172 140 name "DENY_ANY_ANY"

filter acl ace action 172 140 deny

filter acl ace ethernet 172 140 ether-type eq ip

filter acl ace ip 172 140 src-ip eq 0.0.0.0

filter acl ace ip 172 140 dst-ip eq 0.0.0.0

filter acl ace 172 140 enable

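# ACL 802 "NICE-CLS_ACL-in": inVlan filter bound to VLAN 802. The ACEs are listed
# in ascending id order and end with a DENY_ANY clean-up entry.
# Review fix in this block: ACE 52 was written with "ame" instead of "name" and
# with the action keyword after the ids; both lines now use the form every other
# ACE in this listing uses.
filter acl 802 type inVlan name "NICE-CLS_ACL-in"
filter acl vlan 802 802
# NOTE(review): the ACL is explicitly disabled here, so presumably none of the ACEs
# below filter traffic until it is re-enabled -- confirm this is intended.
filter acl 802 disable

# ACE 1: permit all IP traffic to 100.20.174.32 (no protocol or port constraint).
filter acl ace 802 1 name "NICE_to_NICE"
filter acl ace action 802 1 permit
filter acl ace ethernet 802 1 ether-type eq ip
filter acl ace ip 802 1 dst-ip eq 100.20.174.32
filter acl ace 802 1 enable

# ACE 10: permit ICMP, any source and destination.
filter acl ace 802 10 name "ICMP_PERMIT"
filter acl ace action 802 10 permit
filter acl ace ethernet 802 10 ether-type eq ip
filter acl ace ip 802 10 ip-protocol-type eq icmp
filter acl ace 802 10 enable

# ACE 20: permit IP protocol number 2 (IGMP, per the ACE name).
filter acl ace 802 20 name "IGMP_PERMIT"
filter acl ace action 802 20 permit
filter acl ace ethernet 802 20 ether-type eq ip
filter acl ace ip 802 20 ip-protocol-type eq 2
filter acl ace 802 20 enable

# ACE 30: permit VRRP.
filter acl ace 802 30 name "VRRP_PERMIT"
filter acl ace action 802 30 permit
filter acl ace ethernet 802 30 ether-type eq ip
filter acl ace ip 802 30 ip-protocol-type eq vrrp
filter acl ace 802 30 enable

# ACE 40: permit traffic from 100.20.174.32 to 100.20.104.0 with destination port
# dns. No ip-protocol-type is set on this ACE.
filter acl ace 802 40 name "DNS_PERMIT"
filter acl ace action 802 40 permit
filter acl ace ethernet 802 40 ether-type eq ip
filter acl ace ip 802 40 src-ip eq 100.20.174.32
filter acl ace ip 802 40 dst-ip eq 100.20.104.0
filter acl ace protocol 802 40 dst-port eq dns
filter acl ace 802 40 enable

# ACE 45: permit all IP traffic to 100.20.104.0. This already covers everything
# ACE 40 matches, so the port restriction in ACE 40 adds no protection.
filter acl ace 802 45 name "DC-EXCH-DNS"
filter acl ace action 802 45 permit
filter acl ace ethernet 802 45 ether-type eq ip
filter acl ace ip 802 45 dst-ip eq 100.20.104.0
filter acl ace 802 45 enable

# ACEs 50/51 "ESTABLISHED RST/ACK": permit TCP from 100.20.174.32 to destination
# port 1023 when the RST (50) or ACK (51) flag matches. The match is on per-packet
# flag bits; nothing in this listing shows connection-state tracking.
# NOTE(review): "eq 1023" matches exactly one port; a return-traffic rule would
# normally need a port range -- confirm the operator or range was not lost.
filter acl ace 802 50 name "ESTABLISHED RST"
filter acl ace action 802 50 permit
filter acl ace ethernet 802 50 ether-type eq ip
filter acl ace ip 802 50 src-ip eq 100.20.174.32
filter acl ace ip 802 50 ip-protocol-type eq tcp
filter acl ace protocol 802 50 dst-port eq 1023
filter acl ace protocol 802 50 tcp-flags eq rst
filter acl ace 802 50 enable

filter acl ace 802 51 name "ESTABLISHED ACK"
filter acl ace action 802 51 permit
filter acl ace ethernet 802 51 ether-type eq ip
filter acl ace ip 802 51 src-ip eq 100.20.174.32
filter acl ace ip 802 51 ip-protocol-type eq tcp
filter acl ace protocol 802 51 dst-port eq 1023
filter acl ace protocol 802 51 tcp-flags eq ack
filter acl ace 802 51 enable

# ACE 52: permit all UDP. No address or port is set, so every UDP packet matches.
# NOTE(review): this is the broadest permit in the ACL; confirm it is required.
# (Fixed: "ame" -> "name"; action line reordered to "ace action <acl> <ace>".)
filter acl ace 802 52 name "UDP_Permit"
filter acl ace action 802 52 permit
filter acl ace ethernet 802 52 ether-type eq ip
filter acl ace ip 802 52 ip-protocol-type eq udp
filter acl ace 802 52 enable

# ACE 60: permit TCP from 100.20.174.32 to destination port 2011.
filter acl ace 802 60 name "NICE_Logging"
filter acl ace action 802 60 permit
filter acl ace ethernet 802 60 ether-type eq ip
filter acl ace ip 802 60 src-ip eq 100.20.174.32
filter acl ace ip 802 60 ip-protocol-type eq tcp
filter acl ace protocol 802 60 dst-port eq 2011
filter acl ace 802 60 enable

# ACE 65: permit all IP traffic to 100.20.152.20.
filter acl ace 802 65 name "RTS_Conn"
filter acl ace action 802 65 permit
filter acl ace ethernet 802 65 ether-type eq ip
filter acl ace ip 802 65 dst-ip eq 100.20.152.20
filter acl ace 802 65 enable

# ACE 70: permit TCP from 100.20.174.32 to destination port 3750.
filter acl ace 802 70 name "CTI_Conn"
filter acl ace action 802 70 permit
filter acl ace ethernet 802 70 ether-type eq ip
filter acl ace ip 802 70 src-ip eq 100.20.174.32
filter acl ace ip 802 70 ip-protocol-type eq tcp
filter acl ace protocol 802 70 dst-port eq 3750
filter acl ace 802 70 enable

# ACE 90 "LOGLAMA": permit and redirect to next hop 100.20.150.217 for IP traffic
# with src-ip 0.0.0.0.
# NOTE(review): no "enable" line is present for this ACE, so presumably the
# redirect is inactive. If it were enabled and 0.0.0.0 acts as a wildcard, it
# would match before DENY_ANY -- confirm the intent before enabling.
filter acl ace 802 90 name "LOGLAMA"
filter acl ace action 802 90 permit redirect-next-hop 100.20.150.217
filter acl ace ethernet 802 90 ether-type eq ip
filter acl ace ip 802 90 src-ip eq 0.0.0.0

# ACE 100: clean-up entry, deny IP traffic with src-ip and dst-ip 0.0.0.0.
# NOTE(review): acts as a catch-all only if 0.0.0.0 means "any" on this platform.
filter acl ace 802 100 name "DENY_ANY"
filter acl ace action 802 100 deny
filter acl ace ethernet 802 100 ether-type eq ip
filter acl ace ip 802 100 src-ip eq 0.0.0.0
filter acl ace ip 802 100 dst-ip eq 0.0.0.0
filter acl ace 802 100 enable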

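# ACL 804 "BASIM_LIMITED-in": inVlan filter bound to VLAN 804. The ACEs are listed
# in ascending id order and end with a DENY_ANY clean-up entry.
# Review fixes in this block:
#   - ACE 60 used "tcp-dst-port"; every other ACE in this listing uses "dst-port"
#     together with an ip-protocol-type match, so it is normalised to that form.
#   - ACE 100 had a stray "create" keyword in its name line; removed to match the
#     other ACEs. NOTE(review): verify both forms against the device CLI.
filter acl 804 type inVlan name "BASIM_LIMITED-in"
filter acl vlan 804 804

# ACE 5: permit all IP traffic to 100.20.174.96.
filter acl ace 804 5 name "Basim_to_Basim"
filter acl ace action 804 5 permit
filter acl ace ethernet 804 5 ether-type eq ip
filter acl ace ip 804 5 dst-ip eq 100.20.174.96
filter acl ace 804 5 enable

# ACE 10: permit ICMP.
filter acl ace 804 10 name "ICMP_PERMIT"
filter acl ace action 804 10 permit
filter acl ace ethernet 804 10 ether-type eq ip
filter acl ace ip 804 10 ip-protocol-type eq icmp
filter acl ace 804 10 enable

# ACE 20: permit IP protocol number 2 (IGMP, per the ACE name).
filter acl ace 804 20 name "IGMP_PERMIT"
filter acl ace action 804 20 permit
filter acl ace ethernet 804 20 ether-type eq ip
filter acl ace ip 804 20 ip-protocol-type eq 2
filter acl ace 804 20 enable

# ACE 30: permit VRRP.
filter acl ace 804 30 name "VRRP_PERMIT"
filter acl ace action 804 30 permit
filter acl ace ethernet 804 30 ether-type eq ip
filter acl ace ip 804 30 ip-protocol-type eq vrrp
filter acl ace 804 30 enable

# ACE 40: permit traffic with destination port dns. No ether-type, protocol or
# address match is set, so any destination is allowed on that port.
filter acl ace 804 40 name "DNS_PERMIT"
filter acl ace action 804 40 permit
filter acl ace protocol 804 40 dst-port eq dns
filter acl ace 804 40 enable

# ACE 45: permit all IP traffic to 100.20.104.0 (no protocol or port constraint).
filter acl ace 804 45 name "DC-EXCH-DNS"
filter acl ace action 804 45 permit
filter acl ace ethernet 804 45 ether-type eq ip
filter acl ace ip 804 45 dst-ip eq 100.20.104.0
filter acl ace 804 45 enable

# ACEs 50/51 "ESTABLISHED RST/ACK": permit TCP from 100.20.174.97 to destination
# port 1023 when the RST (50) or ACK (51) flag matches. The match is on per-packet
# flag bits; nothing in this listing shows connection-state tracking.
# NOTE(review): "eq 1023" matches exactly one port -- confirm the operator or
# range was not lost.
filter acl ace 804 50 name "ESTABLISHED RST"
filter acl ace action 804 50 permit
filter acl ace ethernet 804 50 ether-type eq ip
filter acl ace ip 804 50 src-ip eq 100.20.174.97
filter acl ace ip 804 50 ip-protocol-type eq tcp
filter acl ace protocol 804 50 dst-port eq 1023
filter acl ace protocol 804 50 tcp-flags eq rst
filter acl ace 804 50 enable

filter acl ace 804 51 name "ESTABLISHED ACK"
filter acl ace action 804 51 permit
filter acl ace ethernet 804 51 ether-type eq ip
filter acl ace ip 804 51 src-ip eq 100.20.174.97
filter acl ace ip 804 51 ip-protocol-type eq tcp
filter acl ace protocol 804 51 dst-port eq 1023
filter acl ace protocol 804 51 tcp-flags eq ack
filter acl ace 804 51 enable

# ACE 60: permit TCP to 100.20.115.11 port 80.
# (Fixed: "tcp-dst-port" -> "dst-port".)
filter acl ace 804 60 name "E-BANK_ERISIM"
filter acl ace action 804 60 permit
filter acl ace ethernet 804 60 ether-type eq ip
filter acl ace ip 804 60 dst-ip eq 100.20.115.11
filter acl ace ip 804 60 ip-protocol-type eq tcp
filter acl ace protocol 804 60 dst-port eq 80
filter acl ace 804 60 enable

# ACE 70: permit TCP to 100.20.115.11 port 443.
filter acl ace 804 70 name "E-BANK_ERISIM_HTTPS"
filter acl ace action 804 70 permit
filter acl ace ethernet 804 70 ether-type eq ip
filter acl ace ip 804 70 dst-ip eq 100.20.115.11
filter acl ace ip 804 70 ip-protocol-type eq tcp
filter acl ace protocol 804 70 dst-port eq 443
filter acl ace 804 70 enable

# ACEs 80/81: permit all IP traffic to hosts 100.20.100.145 and 100.20.100.151
# (no protocol or port constraint).
filter acl ace 804 80 name "FRED_Erisim"
filter acl ace action 804 80 permit
filter acl ace ethernet 804 80 ether-type eq ip
filter acl ace ip 804 80 dst-ip eq 100.20.100.145
filter acl ace 804 80 enable

filter acl ace 804 81 name "BARNEY_Erisim"
filter acl ace action 804 81 permit
filter acl ace ethernet 804 81 ether-type eq ip
filter acl ace ip 804 81 dst-ip eq 100.20.100.151
filter acl ace 804 81 enable

# ACEs 90/100/101: permit TCP port 1433 to three specific hosts.
filter acl ace 804 90 name "BUFFY_ERISIM"
filter acl ace action 804 90 permit
filter acl ace ethernet 804 90 ether-type eq ip
filter acl ace ip 804 90 dst-ip eq 100.20.100.77
filter acl ace ip 804 90 ip-protocol-type eq tcp
filter acl ace protocol 804 90 dst-port eq 1433
filter acl ace 804 90 enable

# (Fixed: stray "create" removed from the name line.)
filter acl ace 804 100 name "ROMTest_ERISIM"
filter acl ace action 804 100 permit
filter acl ace ethernet 804 100 ether-type eq ip
filter acl ace ip 804 100 dst-ip eq 100.20.24.77
filter acl ace ip 804 100 ip-protocol-type eq tcp
filter acl ace protocol 804 100 dst-port eq 1433
filter acl ace 804 100 enable

filter acl ace 804 101 name "Mrksql-t0_ERISIM"
filter acl ace action 804 101 permit
filter acl ace ethernet 804 101 ether-type eq ip
filter acl ace ip 804 101 dst-ip eq 100.20.20.77
filter acl ace ip 804 101 ip-protocol-type eq tcp
filter acl ace protocol 804 101 dst-port eq 1433
filter acl ace 804 101 enable

# ACEs 110/120: permit all IP traffic to 172.17.1.100 and 212.57.7.20
# (no protocol or port constraint).
filter acl ace 804 110 name "ROSETTA_ERISIM"
filter acl ace action 804 110 permit
filter acl ace ethernet 804 110 ether-type eq ip
filter acl ace ip 804 110 dst-ip eq 172.17.1.100
filter acl ace 804 110 enable

filter acl ace 804 120 name "PLAST_ERISIM"
filter acl ace action 804 120 permit
filter acl ace ethernet 804 120 ether-type eq ip
filter acl ace ip 804 120 dst-ip eq 212.57.7.20
filter acl ace 804 120 enable

# ACEs 130-160: permit TCP and UDP to destination ports 2967 and 9968.
# No address is set, so any destination is reachable on these ports.
filter acl ace 804 130 name "AV-Yama_YONETIM_2967"
filter acl ace action 804 130 permit
filter acl ace ethernet 804 130 ether-type eq ip
filter acl ace ip 804 130 ip-protocol-type eq tcp
filter acl ace protocol 804 130 dst-port eq 2967
filter acl ace 804 130 enable

filter acl ace 804 140 name "AV-Yama_YONETIM_9968"
filter acl ace action 804 140 permit
filter acl ace ethernet 804 140 ether-type eq ip
filter acl ace ip 804 140 ip-protocol-type eq tcp
filter acl ace protocol 804 140 dst-port eq 9968
filter acl ace 804 140 enable

filter acl ace 804 150 name "AV-Yama_YONETIM_UDP_2967"
filter acl ace action 804 150 permit
filter acl ace ethernet 804 150 ether-type eq ip
filter acl ace ip 804 150 ip-protocol-type eq udp
filter acl ace protocol 804 150 dst-port eq 2967
filter acl ace 804 150 enable

filter acl ace 804 160 name "AV-Yama_YONETIM_UDP_9968"
filter acl ace action 804 160 permit
filter acl ace ethernet 804 160 ether-type eq ip
filter acl ace ip 804 160 ip-protocol-type eq udp
filter acl ace protocol 804 160 dst-port eq 9968
filter acl ace 804 160 enable

# ACE 170: permit UDP whose SOURCE port is 9968, to any destination and port.
# NOTE(review): a source-port-only match is chosen by the sender, so it does not
# by itself identify the service -- consider adding a destination restriction.
filter acl ace 804 170 name "AV-Yama_YONETIM_UDP_Source"
filter acl ace action 804 170 permit
filter acl ace ethernet 804 170 ether-type eq ip
filter acl ace ip 804 170 ip-protocol-type eq udp
filter acl ace protocol 804 170 src-port eq 9968
filter acl ace 804 170 enable

# ACE 210: permit TCP to 100.20.189.0 port 8080.
filter acl ace 804 210 name "PROXY_ERISIM_EK"
filter acl ace action 804 210 permit
filter acl ace ethernet 804 210 ether-type eq ip
filter acl ace ip 804 210 dst-ip eq 100.20.189.0
filter acl ace ip 804 210 ip-protocol-type eq tcp
filter acl ace protocol 804 210 dst-port eq 8080
filter acl ace 804 210 enable

# ACE 220 "LOGLAMA": permit and redirect to next hop 100.20.150.217 for IP traffic
# with src-ip 0.0.0.0.
# NOTE(review): no "enable" line is present for this ACE, so presumably the
# redirect is inactive. If it were enabled and 0.0.0.0 acts as a wildcard, it
# would match before DENY_ANY -- confirm the intent before enabling.
filter acl ace 804 220 name "LOGLAMA"
filter acl ace action 804 220 permit redirect-next-hop 100.20.150.217
filter acl ace ethernet 804 220 ether-type eq ip
filter acl ace ip 804 220 src-ip eq 0.0.0.0

# ACE 230: clean-up entry, deny IP traffic with src-ip and dst-ip 0.0.0.0.
# NOTE(review): acts as a catch-all only if 0.0.0.0 means "any" on this platform.
filter acl ace 804 230 name "DENY_ANY"
filter acl ace action 804 230 deny
filter acl ace ethernet 804 230 ether-type eq ip
filter acl ace ip 804 230 src-ip eq 0.0.0.0
filter acl ace ip 804 230 dst-ip eq 0.0.0.0
filter acl ace 804 230 enable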

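# ACL 805 "SBS_Remote": inVlan filter bound to VLAN 805. The ACEs are listed in
# ascending id order and end with a DENY_ANY_ANY clean-up entry.
# Review fix in this block: the ether-type line of ACE 5 carried ACL id 804, so as
# written it targeted ACL 804 ACE 5 and left ACE 805/5 without an ether-type
# match. It now references 805 5.
filter acl 805 type inVlan name "SBS_Remote"
filter acl vlan 805 805

# ACE 5: permit all IP traffic to 100.20.174.128.
# (Fixed: "ethernet 804 5" -> "ethernet 805 5".)
filter acl ace 805 5 name "SBS-to-SBS"
filter acl ace action 805 5 permit
filter acl ace ethernet 805 5 ether-type eq ip
filter acl ace ip 805 5 dst-ip eq 100.20.174.128
filter acl ace 805 5 enable

# ACE 10: permit ICMP.
filter acl ace 805 10 name "ICMP_PERMIT"
filter acl ace action 805 10 permit
filter acl ace ethernet 805 10 ether-type eq ip
filter acl ace ip 805 10 ip-protocol-type eq icmp
filter acl ace 805 10 enable

# ACE 20: permit IP protocol number 2 (IGMP, per the ACE name).
filter acl ace 805 20 name "IGMP_PERMIT"
filter acl ace action 805 20 permit
filter acl ace ethernet 805 20 ether-type eq ip
filter acl ace ip 805 20 ip-protocol-type eq 2
filter acl ace 805 20 enable

# ACE 30: permit VRRP.
filter acl ace 805 30 name "VRRP_PERMIT"
filter acl ace action 805 30 permit
filter acl ace ethernet 805 30 ether-type eq ip
filter acl ace ip 805 30 ip-protocol-type eq vrrp
filter acl ace 805 30 enable

# ACE 40: permit traffic with destination port 53. No ether-type, protocol or
# address match is set, so any destination is allowed on that port.
filter acl ace 805 40 name "DNS_PERMIT"
filter acl ace action 805 40 permit
filter acl ace protocol 805 40 dst-port eq 53
filter acl ace 805 40 enable

# ACEs 50/51 "ESTABLISHED RST/ACK": permit TCP from 100.20.174.128 to destination
# port 1023 when the RST (50) or ACK (51) flag matches. The match is on per-packet
# flag bits; nothing in this listing shows connection-state tracking.
# NOTE(review): "eq 1023" matches exactly one port -- confirm the operator or
# range was not lost.
filter acl ace 805 50 name "ESTABLISHED RST"
filter acl ace action 805 50 permit
filter acl ace ethernet 805 50 ether-type eq ip
filter acl ace ip 805 50 src-ip eq 100.20.174.128
filter acl ace ip 805 50 ip-protocol-type eq tcp
filter acl ace protocol 805 50 dst-port eq 1023
filter acl ace protocol 805 50 tcp-flags eq rst
filter acl ace 805 50 enable

filter acl ace 805 51 name "ESTABLISHED ACK"
filter acl ace action 805 51 permit
filter acl ace ethernet 805 51 ether-type eq ip
filter acl ace ip 805 51 src-ip eq 100.20.174.128
filter acl ace ip 805 51 ip-protocol-type eq tcp
filter acl ace protocol 805 51 dst-port eq 1023
filter acl ace protocol 805 51 tcp-flags eq ack
filter acl ace 805 51 enable

# ACE 80: permit all IP traffic to 100.20.104.0 (no protocol or port constraint).
filter acl ace 805 80 name "DC_DNS_EXCH_PERMIT"
filter acl ace action 805 80 permit
filter acl ace ethernet 805 80 ether-type eq ip
filter acl ace ip 805 80 dst-ip eq 100.20.104.0
filter acl ace 805 80 enable

# ACEs 90/100/105: permit TCP to destination ports 80, 443 and 3389.
# No src-ip or dst-ip is set on these three ACEs, so any address matches.
# NOTE(review): port 3389 to any destination is broad; consider a dst-ip match.
filter acl ace 805 90 name "HTTP_PERMIT"
filter acl ace action 805 90 permit
filter acl ace ethernet 805 90 ether-type eq ip
filter acl ace ip 805 90 ip-protocol-type eq tcp
filter acl ace protocol 805 90 dst-port eq 80
filter acl ace 805 90 enable

filter acl ace 805 100 name "HTTPS_PERMIT"
filter acl ace action 805 100 permit
filter acl ace ethernet 805 100 ether-type eq ip
filter acl ace ip 805 100 ip-protocol-type eq tcp
filter acl ace protocol 805 100 dst-port eq 443
filter acl ace 805 100 enable

filter acl ace 805 105 name "REMDESKTOP_PERMIT"
filter acl ace action 805 105 permit
filter acl ace ethernet 805 105 ether-type eq ip
filter acl ace ip 805 105 ip-protocol-type eq tcp
filter acl ace protocol 805 105 dst-port eq 3389
filter acl ace 805 105 enable

# ACE 110: permit TCP to 100.20.189.0 port 8080.
filter acl ace 805 110 name "PROXY_8080_PERMIT"
filter acl ace action 805 110 permit
filter acl ace ethernet 805 110 ether-type eq ip
filter acl ace ip 805 110 dst-ip eq 100.20.189.0
filter acl ace ip 805 110 ip-protocol-type eq tcp
filter acl ace protocol 805 110 dst-port eq 8080
filter acl ace 805 110 enable

# ACE 120: permit traffic from 100.20.174.128 to destination ports 445 and 6129.
# No ip-protocol-type is set, so the match is not limited to TCP, and no dst-ip
# is set, so port 445 is reachable on any destination.
# NOTE(review): confirm the intended protocol and target hosts.
filter acl ace 805 120 name "DAMEWARE_PERMIT"
filter acl ace action 805 120 permit
filter acl ace ethernet 805 120 ether-type eq ip
filter acl ace ip 805 120 src-ip eq 100.20.174.128
filter acl ace protocol 805 120 dst-port eq 445,6129
filter acl ace 805 120 enable

# ACE 140: clean-up entry, deny IP traffic with src-ip and dst-ip 0.0.0.0.
# NOTE(review): acts as a catch-all only if 0.0.0.0 means "any" on this platform.
filter acl ace 805 140 name "DENY_ANY_ANY"
filter acl ace action 805 140 deny
filter acl ace ethernet 805 140 ether-type eq ip
filter acl ace ip 805 140 src-ip eq 0.0.0.0
filter acl ace ip 805 140 dst-ip eq 0.0.0.0
filter acl ace 805 140 enable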

# ACL 1802, bound to VLAN 802.
# NOTE(review): no "filter acl 1802 type ... name ..." line is visible in this
# listing, so the ACL's direction and name cannot be read from here -- restore the
# definition line from the device configuration.
filter acl vlan 1802 802

# NOTE(review): the ACL is explicitly disabled, so presumably none of the ACEs
# below filter traffic until it is re-enabled -- confirm this is intended.
filter acl 1802 disable

# ACE 10: permit ICMP.
filter acl ace 1802 10 name "ICMP_PERMIT"

filter acl ace action 1802 10 permit

filter acl ace ethernet 1802 10 ether-type eq ip

filter acl ace ip 1802 10 ip-protocol-type eq icmp

filter acl ace 1802 10 enable

# ACE 20: permit IP protocol number 2 (IGMP, per the ACE name).
filter acl ace 1802 20 name "IGMP_PERMIT"

filter acl ace action 1802 20 permit

filter acl ace ethernet 1802 20 ether-type eq ip

filter acl ace ip 1802 20 ip-protocol-type eq 2

filter acl ace 1802 20 enable

# ACE 30: permit VRRP.
filter acl ace 1802 30 name "VRRP_PERMIT"

filter acl ace action 1802 30 permit

filter acl ace ethernet 1802 30 ether-type eq ip

filter acl ace ip 1802 30 ip-protocol-type eq vrrp

filter acl ace 1802 30 enable

# ACE 51: permit all UDP. No address or port is set, so every UDP packet matches.
# NOTE(review): this is the broadest permit in the ACL; confirm it is required.
filter acl ace 1802 51 name "UDP_Permit"

filter acl ace action 1802 51 permit

filter acl ace ethernet 1802 51 ether-type eq ip

filter acl ace ip 1802 51 ip-protocol-type eq udp

filter acl ace 1802 51 enable

# ACE 60: permit traffic from 100.20.174.32 to destination port 2011.
# Unlike ACE 802/60 of the same name, no ip-protocol-type is set here.
filter acl ace 1802 60 name "NICE_Logging"

filter acl ace action 1802 60 permit

filter acl ace ethernet 1802 60 ether-type eq ip

filter acl ace ip 1802 60 src-ip eq 100.20.174.32

filter acl ace protocol 1802 60 dst-port eq 2011

filter acl ace 1802 60 enable

# ACE 100: clean-up entry, deny traffic with src-ip and dst-ip 0.0.0.0.
# Unlike the other DENY_ANY entries in this listing, it has no ether-type line.
# NOTE(review): acts as a catch-all only if 0.0.0.0 means "any" on this platform.
filter acl ace 1802 100 name "DENY_ANY"

filter acl ace action 1802 100 deny

filter acl ace ip 1802 100 src-ip eq 0.0.0.0

filter acl ace ip 1802 100 dst-ip eq 0.0.0.0

filter acl ace 1802 100 enable

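# ACL 1804, bound to VLAN 804. Several ACEs match on source where ACL 804 matches
# on destination, so this looks like the counterpart for the opposite direction.
# NOTE(review): no "filter acl 1804 type ... name ..." line is visible in this
# listing -- restore the definition line from the device configuration.
# Review fixes in this block:
#   - ACE 5: the ether-type line carried ACE id 10; it now references ACE 5.
#   - ACE 150: the ip, protocol and enable lines carried ACE ids 50, 50 and 40.
#     As written they changed ACE 50 ("ESTABLISHED RST") to UDP port 9968 and
#     left ACE 150 unqualified and not enabled. They now reference ACE 150.
#   - ACEs 20, 40 and 180: stray "create" keyword removed from the name line to
#     match the other ACEs. NOTE(review): verify against the device CLI.
filter acl vlan 1804 804

# ACE 5: permit IP traffic with source and destination both 100.20.174.96.
# (Fixed: "ethernet 1804 10" -> "ethernet 1804 5".)
filter acl ace 1804 5 name "BASIM-to-BASIM"
filter acl ace action 1804 5 permit
filter acl ace ethernet 1804 5 ether-type eq ip
filter acl ace ip 1804 5 src-ip eq 100.20.174.96
filter acl ace ip 1804 5 dst-ip eq 100.20.174.96
filter acl ace 1804 5 enable

# ACE 10: permit ICMP.
filter acl ace 1804 10 name "ICMP_PERMIT"
filter acl ace action 1804 10 permit
filter acl ace ethernet 1804 10 ether-type eq ip
filter acl ace ip 1804 10 ip-protocol-type eq icmp
filter acl ace 1804 10 enable

# ACE 20: permit IP protocol number 2 (IGMP, per the ACE name).
filter acl ace 1804 20 name "IGMP_PERMIT"
filter acl ace action 1804 20 permit
filter acl ace ethernet 1804 20 ether-type eq ip
filter acl ace ip 1804 20 ip-protocol-type eq 2
filter acl ace 1804 20 enable

# ACE 30: permit VRRP.
filter acl ace 1804 30 name "VRRP_PERMIT"
filter acl ace action 1804 30 permit
filter acl ace ethernet 1804 30 ether-type eq ip
filter acl ace ip 1804 30 ip-protocol-type eq vrrp
filter acl ace 1804 30 enable

# ACE 40: permit traffic whose SOURCE port is 53. No ether-type, protocol or
# address match is set.
# NOTE(review): the source port is chosen by the sender, so this rule admits any
# packet sent from port 53 regardless of origin -- consider restricting src-ip to
# the DNS servers.
filter acl ace 1804 40 name "DNS_PERMIT"
filter acl ace action 1804 40 permit
filter acl ace protocol 1804 40 src-port eq 53
filter acl ace 1804 40 enable

# ACE 45: permit all IP traffic from 100.20.104.0 (no protocol or port constraint).
filter acl ace 1804 45 name "DC-EXCH-DNS"
filter acl ace action 1804 45 permit
filter acl ace ethernet 1804 45 ether-type eq ip
filter acl ace ip 1804 45 src-ip eq 100.20.104.0
filter acl ace 1804 45 enable

# ACEs 50/51 "ESTABLISHED RST/ACK": permit TCP to 100.20.174.97 destination port
# 1023 when the RST (50) or ACK (51) flag matches. The match is on per-packet flag
# bits; nothing in this listing shows connection-state tracking.
# NOTE(review): "eq 1023" matches exactly one port -- confirm the operator or
# range was not lost.
filter acl ace 1804 50 name "ESTABLISHED RST"
filter acl ace action 1804 50 permit
filter acl ace ethernet 1804 50 ether-type eq ip
filter acl ace ip 1804 50 dst-ip eq 100.20.174.97
filter acl ace ip 1804 50 ip-protocol-type eq tcp
filter acl ace protocol 1804 50 dst-port eq 1023
filter acl ace protocol 1804 50 tcp-flags eq rst
filter acl ace 1804 50 enable

filter acl ace 1804 51 name "ESTABLISHED ACK"
filter acl ace action 1804 51 permit
filter acl ace ethernet 1804 51 ether-type eq ip
filter acl ace ip 1804 51 dst-ip eq 100.20.174.97
filter acl ace ip 1804 51 ip-protocol-type eq tcp
filter acl ace protocol 1804 51 dst-port eq 1023
filter acl ace protocol 1804 51 tcp-flags eq ack
filter acl ace 1804 51 enable

# ACEs 80/110/120: permit all IP traffic from hosts 100.20.100.145, 172.17.1.100
# and 212.57.7.20 (no protocol or port constraint).
filter acl ace 1804 80 name "PWC_ERISIM"
filter acl ace action 1804 80 permit
filter acl ace ethernet 1804 80 ether-type eq ip
filter acl ace ip 1804 80 src-ip eq 100.20.100.145
filter acl ace 1804 80 enable

filter acl ace 1804 110 name "ROSETTA_ERISIM"
filter acl ace action 1804 110 permit
filter acl ace ethernet 1804 110 ether-type eq ip
filter acl ace ip 1804 110 src-ip eq 172.17.1.100
filter acl ace 1804 110 enable

filter acl ace 1804 120 name "PLAST_ERISIM"
filter acl ace action 1804 120 permit
filter acl ace ethernet 1804 120 ether-type eq ip
filter acl ace ip 1804 120 src-ip eq 212.57.7.20
filter acl ace 1804 120 enable

# ACEs 130-160: permit TCP and UDP to destination ports 9968 and 2967.
# No address is set on these ACEs, so any source and destination match.
filter acl ace 1804 130 name "AV-Yama_YONETIM_9968"
filter acl ace action 1804 130 permit
filter acl ace ethernet 1804 130 ether-type eq ip
filter acl ace ip 1804 130 ip-protocol-type eq tcp
filter acl ace protocol 1804 130 dst-port eq 9968
filter acl ace 1804 130 enable

filter acl ace 1804 140 name "AV-Yama_YONETIM_2967"
filter acl ace action 1804 140 permit
filter acl ace ethernet 1804 140 ether-type eq ip
filter acl ace ip 1804 140 ip-protocol-type eq tcp
filter acl ace protocol 1804 140 dst-port eq 2967
filter acl ace 1804 140 enable

# (Fixed: the next three qualifier lines referenced ACE 50 / 50 / 40.)
filter acl ace 1804 150 name "AV-Yama_YONETIM_UDP_9968"
filter acl ace action 1804 150 permit
filter acl ace ethernet 1804 150 ether-type eq ip
filter acl ace ip 1804 150 ip-protocol-type eq udp
filter acl ace protocol 1804 150 dst-port eq 9968
filter acl ace 1804 150 enable

filter acl ace 1804 160 name "AV-Yama_YONETIM_UDP_2967"
filter acl ace action 1804 160 permit
filter acl ace ethernet 1804 160 ether-type eq ip
filter acl ace ip 1804 160 ip-protocol-type eq udp
filter acl ace protocol 1804 160 dst-port eq 2967
filter acl ace 1804 160 enable

# ACE 180: permit TCP from host 100.20.150.80 to destination port 3389.
filter acl ace 1804 180 name "SUNUCU_YONETIM"
filter acl ace action 1804 180 permit
filter acl ace ethernet 1804 180 ether-type eq ip
filter acl ace ip 1804 180 src-ip eq 100.20.150.80
filter acl ace ip 1804 180 ip-protocol-type eq tcp
filter acl ace protocol 1804 180 dst-port eq 3389
filter acl ace 1804 180 enable

# ACEs 200/210: permit TCP to destination port 445 from 100.20.114.0 and from
# 100.20.24.0. Both ACEs carry the same name, which makes them hard to tell apart
# in logs and statistics.
# NOTE(review): the sources are written without a mask; confirm their extent,
# since port 445 exposure should be limited to the hosts that need it.
filter acl ace 1804 200 name "OTOMIZE_DEBIT_CARD_OPS"
filter acl ace action 1804 200 permit
filter acl ace ethernet 1804 200 ether-type eq ip
filter acl ace ip 1804 200 src-ip eq 100.20.114.0
filter acl ace ip 1804 200 ip-protocol-type eq tcp
filter acl ace protocol 1804 200 dst-port eq 445
filter acl ace 1804 200 enable

filter acl ace 1804 210 name "OTOMIZE_DEBIT_CARD_OPS"
filter acl ace action 1804 210 permit
filter acl ace ethernet 1804 210 ether-type eq ip
filter acl ace ip 1804 210 src-ip eq 100.20.24.0
filter acl ace ip 1804 210 ip-protocol-type eq tcp
filter acl ace protocol 1804 210 dst-port eq 445
filter acl ace 1804 210 enable

# ACE 230: clean-up entry, deny IP traffic with src-ip and dst-ip 0.0.0.0.
# NOTE(review): acts as a catch-all only if 0.0.0.0 means "any" on this platform.
filter acl ace 1804 230 name "DENY_ANY"
filter acl ace action 1804 230 deny
filter acl ace ethernet 1804 230 ether-type eq ip
filter acl ace ip 1804 230 src-ip eq 0.0.0.0
filter acl ace ip 1804 230 dst-ip eq 0.0.0.0
filter acl ace 1804 230 enable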