Filtering Network Traffic

fmatrine
Level 1

Hello,

I am using a Cisco router with a 128kbps link to connect to my head office router.

I am using voice over IP as well as data (including AS/400 application, Lotus Notes and other traffic).

At times all my traffic (data + VoIP) floods across the WAN link and the branch office users get poor network response when they try to access their applications stored on the head office server.

I want to separate the traffic by using one more router, i.e., I will be using one 1700 series router with an ISDN line to allow only mail applications. In short, I want only my SMTP traffic to flow through the 1700 series router and the rest of the traffic (VoIP + AS/400) through my old router.

How do I do that? (One way is to define an access-list on the 1700 router to allow only SMTP traffic and drop all other traffic.) A sample configuration is welcome.

Any other solution to the problem is also welcome.

Thanks in advance.

1 Reply

a.manosca
Level 4

I think a better design is to use both links as much as possible.

The main reason is redundancy, or load-balancing, or both.

Then use QoS for traffic prioritization. But this setup is not really as simple as it looks.

As for the access-list configs, an extended ACL should be used.

A sample config could be like:

interface Ethernet0
 ip address 172.16.1.1 255.255.0.0
 ip access-group 100 in
!
access-list 100 permit tcp any host 172.17.1.100 eq smtp
access-list 100 deny tcp any any
access-list 100 permit ip any any

*The above config simply means: allow ANY source host's packet coming IN on the Ethernet0 interface to be forwarded to the mail server (172.17.1.100) using only the SMTP port (port 25).

Check the following link for info about ACLs:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

Good luck.
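An added example, not part of the original thread: a small first-match evaluator for the ACL quoted in the reply. It shows that the final `permit ip any any` still passes non-TCP traffic such as VoIP over UDP, while an ACL holding only the SMTP entry drops it through the implicit deny. The source host 172.16.5.20, the destination 172.17.1.50, the UDP port and the `SMTP_ONLY` variant are constructed for illustration, and the parser handles only the `any`, `host` and `eq` forms that appear in the quoted ACL.

```python
PORTS = {"smtp": 25}  # IOS port keyword -> number (only the one used on this page)

# The three entries quoted in the reply.
ACL_100 = """\
access-list 100 permit tcp any host 172.17.1.100 eq smtp
access-list 100 deny tcp any any
access-list 100 permit ip any any
"""

# Hypothetical variant: SMTP entry only, everything else hits the implicit deny.
SMTP_ONLY = "access-list 100 permit tcp any host 172.17.1.100 eq smtp\n"

def parse_addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the token list; None means any."""
    word = tok.pop(0)
    if word == "any":
        return None
    if word == "host":
        return tok.pop(0)
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Parse extended ACL lines into (action, proto, src, dst, dport) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = parse_addr(rest), parse_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS.get(rest[1]) or int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto != "ip" and r_proto != proto:
            continue  # 'ip' matches every protocol
        if r_src not in (None, src) or r_dst not in (None, dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"  # every IOS ACL ends with an implicit deny
```
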