Riverstone Networks WICT1-12 User Manual, page 536

24-6 Riverstone Networks RS Switch Router User Guide Release 8.0

Creating and Modifying ACLs

Access Control List Configuration

Note: The ports that are associated with the interface to which the ACL is applied must
reside on updated RS hardware.

The following ACL illustrates this feature:

    acl 101 permit tcp established
    acl 101 apply interface int1 input

Any incoming TCP packet on interface int1 is examined, and if the packet is in response to an internal request, it is
permitted; otherwise, it is rejected. Note that the ACL contains no restriction for outgoing packets on interface int1,
since internal hosts are allowed to access the outside world.

24.2 CREATING AND MODIFYING ACLS

The RS provides two mechanisms for creating and modifying ACLs:

• Editing ACLs on a remote host and uploading them to the RS using TFTP or RCP

• Using the RS’s ACL Editor

The following sections describe these methods.

24.2.1 Editing ACLs Offline

You can create and edit ACLs on a remote host and then upload them to the RS with TFTP or RCP. With this method,
you use a text editor on a remote host to edit, delete, replace, or reorder ACL rules in a file. Once the changes are made,
you can then upload the ACLs to the RS using TFTP or RCP and make them take effect on the running system. The
following example describes how you can use TFTP to help maintain ACLs on the RS.

Suppose the ACL ‘101’ is already defined and applied to an interface on the RS. To modify the ACL by uploading text
files, you will need to first negate the commands that define and apply the ACL 101. For example, the following
command stored in the text file acl.no will be used to negate commands related to the ACL 101:

    no acl 101*

The command no acl 101* negates all commands that start with “acl 101.” This tells the RS to remove the application
and the definition of ACL 101. (If you want to remove all ACL commands, enter no acl *.) The negation of all related
ACL commands is important because it removes any potential confusion caused by the addition of new ACL rules to
existing rules. Basically, the no acl command cleans up the system for the new ACL rules.
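The offline-editing procedure above depends on ordering: the wildcard negation must be the first command in the uploaded text, or the new rules are merely appended to the rules already on the RS. The following Python script is an added example, not Riverstone's code or any RS tool; it stages the replacement file for ACL 101 on the remote host and lints it before upload. The function names (build_acl_file, lint_acl_file) and the list of existing ACL ids are constructed for the example. The lint relies only on what the page states: no acl 101* negates every command that starts with "acl 101", which is a plain prefix match, so it would also remove an ACL whose id happens to begin with 101 (for instance 1010), and the check reports that collateral before anything is uploaded.

```python
"""Stage and sanity-check an ACL text file before uploading it to the RS.

Added example (not Riverstone's code). Assumes only what the manual states:
'no acl <id>*' negates every stored command starting with 'acl <id>', and the
negation must come first so old rules and new rules are never mixed.
"""
from typing import List


def build_acl_file(acl_id: str, rules: List[str], interface: str,
                   direction: str = "input") -> str:
    """Return the text of a file that replaces ACL acl_id wholesale.

    The first line is the wildcard negation (the content of acl.no in the
    manual), followed by the new rules and the apply command.
    """
    lines = [f"no acl {acl_id}*"]                       # clean out definition + application
    lines += [f"acl {acl_id} {rule}" for rule in rules]  # new rule set
    lines.append(f"acl {acl_id} apply interface {interface} {direction}")
    return "\n".join(lines) + "\n"


def lint_acl_file(text: str, existing_acl_ids: List[str]) -> List[str]:
    """Check a staged ACL file; returns a list of problems (empty list = OK).

    existing_acl_ids is the list of ACL ids currently configured on the RS
    (constructed input here), used to spot collateral prefix matches.
    """
    problems: List[str] = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ["file is empty"]

    first = lines[0]
    # Rule 1: the file must open with a wildcard negation, otherwise the new
    # rules are appended to whatever is already defined for that ACL.
    if not (first.startswith("no acl ") and first.endswith("*")):
        problems.append("first command is not a wildcard negation; "
                        "new rules would be added to the existing rules")
        return problems

    prefix = first[len("no acl "):-1]  # '101' from 'no acl 101*'

    # Rule 2: 'no acl 101*' is a prefix match, so it also removes any other
    # ACL whose id starts with '101' (e.g. 1010). Report that before upload.
    collateral = [i for i in existing_acl_ids if i != prefix and i.startswith(prefix)]
    if collateral:
        problems.append(f"'{first}' would also negate ACL(s) {', '.join(collateral)}")

    body = lines[1:]
    # Rule 3: every remaining command must belong to the ACL being replaced.
    wrong = [ln for ln in body if not ln.startswith(f"acl {prefix} ")]
    if wrong:
        problems.append(f"commands not belonging to acl {prefix}: {wrong}")

    # Rule 4: the ACL must be both defined (at least one rule) and applied,
    # since the negation removed both the definition and the application.
    if not any(ln.startswith(f"acl {prefix} apply interface ") for ln in body):
        problems.append(f"acl {prefix} is defined but never applied")
    if not any(ln.startswith(f"acl {prefix} ") and " apply " not in ln for ln in body):
        problems.append(f"acl {prefix} is applied but has no rules")
    return problems


if __name__ == "__main__":
    staged = build_acl_file("101", ["permit tcp established"], "int1")
    print(staged, end="")
    # Constructed list of ACL ids already on the RS.
    for issue in lint_acl_file(staged, ["101", "102"]):
        print("PROBLEM:", issue)
```

Write the returned text to a file such as acl.txt on the remote host, run the lint, and only then transfer it with TFTP or RCP as the section describes; the negation line is the same content the manual keeps in acl.no.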
