Controlling network access to the x330wan – Avaya X330WAN User Manual


Chapter 4

Operational Concepts and Configuration Examples

52

Avaya X330WAN User’s Guide

Controlling Network Access to the X330WAN

X330WAN enables you to control access to its router interfaces using the “single
point of presence” characteristics of the Layer 2 Loopback interface. This is an
alternative to configuring Access Control rules separately on each router interface.
By activating Access Control rules on a Loopback interface, you can control all
traffic entering and leaving the X330WAN’s CPU. Different Access Lists can be
configured on the “Loopback in” and “Loopback out” interfaces.

Note: A Policy list activated on a Loopback interface applies only to packets destined to the router interface, and not to packets routed by the CPU.

For example: An Access Control rule denying Telnet sessions placed on the Loopback interface prevents Telnet access to the CPU, thus preventing any configuration changes to the module. This rule does not prevent Telnet sessions between any two users connected to the X330WAN interfaces.

Perform the following to activate such a Policy list on the Loopback interface using the CLI:

1. Create an Access Control List by entering:

   ip access-list 101 1 deny tcp any any eq 23

   Where 101 is the Access list number, 1 is the number of the Rule in the list, deny is the action, and 23 is the TCP Telnet port number.

2. Type:

   interface Loopback 1

   to enter the Loopback1 interface.

3. Use the command:

   ip access-group 101 in

   to activate the new Access Control list created in step 1 on the ingress direction of the Loopback1 interface.

Note: In order to apply an Access Control List to the router interfaces, the Policy should be applied on the Loopback1 interface (interface loopback1). If additional Loopback interfaces have been created, applying Policy on them does not take effect. No CLI message informs you of this during the configuration.
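Because the CLI gives no warning in that case, a Policy list bound to the wrong Loopback interface is easy to miss. The following check is an added example, not part of the Avaya manual: it scans configuration text for access-group bindings under Loopback interfaces and separates those on Loopback1 from those that have no effect. It assumes the configuration is available as a flat sequence of the command lines shown on this page; the function name and the sample text are constructed for illustration.

```python
import re

# Constructed sample: command lines written the way this page shows them.
# Treating a configuration as a flat sequence of such lines is an assumption.
SAMPLE_CONFIG = """\
ip access-list 101 1 deny tcp any any eq 23
ip access-list 102 1 deny tcp any any eq 23
interface Loopback 1
ip access-group 101 in
interface loopback2
ip access-group 102 in
ip access-group 103 out
"""

RULE_RE = re.compile(r"^ip\s+access-list\s+(\d+)\s+\d+\s+\S+", re.I)
IFACE_RE = re.compile(r"^interface\s+([a-z]+)\s*(\d+)$", re.I)
GROUP_RE = re.compile(r"^ip\s+access-group\s+(\d+)\s+(in|out)$", re.I)


def audit_loopback_policy(config_text):
    """Classify access-group bindings made under Loopback interfaces.

    Returns (effective, ignored, undefined): bindings on Loopback 1, bindings
    on any other Loopback (silently without effect per the manual's note), and
    bindings that reference a list number with no ip access-list rule.
    Each binding is a tuple (interface, list_number, direction).
    """
    defined, bindings, iface = set(), [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := RULE_RE.match(line):
            defined.add(m.group(1))
        elif m := IFACE_RE.match(line):
            # Normalise "Loopback 1" and "loopback1" to ("loopback", 1).
            iface = (m.group(1).lower(), int(m.group(2)))
        elif (m := GROUP_RE.match(line)) and iface and iface[0] == "loopback":
            bindings.append((f"Loopback {iface[1]}", m.group(1), m.group(2).lower()))
    effective = [b for b in bindings if b[0] == "Loopback 1"]
    ignored = [b for b in bindings if b[0] != "Loopback 1"]
    undefined = [b for b in bindings if b[1] not in defined]
    return effective, ignored, undefined


if __name__ == "__main__":
    effective, ignored, undefined = audit_loopback_policy(SAMPLE_CONFIG)
    for label, items in (("effective", effective), ("ignored", ignored),
                         ("undefined list", undefined)):
        for name, number, direction in items:
            print(f"{label}: {name} access-group {number} {direction}")
```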

show ip composite-op           Displays a composite operation of a Policy list.
show ip active-access-groups   Displays the active Policy list for each context/direction.
