Maintaining acls using the acl editor, Configure acl, Defining an ip acl – Cabletron Systems SmartSwitch Router 9032578-02 User Manual


Chapter 10: Security Configuration Guide


SmartSwitch Router User Reference Manual

Maintaining ACLs Using the ACL Editor

In addition to the traditional method of maintaining ACLs using TFTP or RCP, the SSR
provides a simpler and more user-friendly mechanism to maintain ACLs: the ACL Editor.

The ACL Editor can only be accessed within Configure mode using the acl-edit command.
You can specify the ACL you want to edit by specifying its name together with the
acl-edit command. For example, to edit ACL “101”, you issue the command acl-edit 101.
The only restriction is that when you edit a particular ACL, you cannot add rules for a
different ACL. You can only add new rules for the ACL that you are currently editing.
When the editing session is over, that is, when you are done making changes to the ACL,
you can save the changes and make them take effect immediately. Within the ACL editor,
you can add new rules (add command), delete existing rules (delete command) and
re-order the rules (move command). To save the changes, use the save command or simply
exit the editor.

If you edit and save changes to an ACL that is currently being used or applied to an
interface, the changes will take effect immediately. There is no need to remove the ACL
from the interface before making changes and re-apply it after the changes are made. The
whole process is automatic.

Configure ACL

To configure an ACL, perform the following tasks:

1. Determine the access control criteria you want to impose on traffic going to or
   through the router.

2. Determine where (which interface) you want to set up these controls.

Defining an IP ACL

To define an IP ACL, perform the following in the Configure mode:

Define an IP ACL.

    acl <name> permit|deny ip|tcp|udp|icmp|igmp <srcaddr/mask>|any <dstaddr/mask>|any

Note: Additional fields depend on the protocol type you select.
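
The rule syntax above and the editor's move command both bear on rule order. The following is an added example, not part of the manual or of Cabletron's software: an offline check that parses rules written in that syntax and reports any rule that can never match because an earlier rule in the same ACL already covers it. It assumes rules are evaluated in order with the first match winning, and that <addr/mask> may be written with a prefix length or a dotted mask; the sample addresses are constructed.

```python
import ipaddress

PROTOCOLS = {"ip", "tcp", "udp", "icmp", "igmp"}

def _net(field):
    # "any" matches every address; otherwise <addr/mask> (assumed: /len or dotted mask)
    return ipaddress.ip_network("0.0.0.0/0" if field == "any" else field, strict=False)

def parse_rule(line):
    """Parse 'acl <name> permit|deny <proto> <src> <dst> [extra...]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "acl":
        raise ValueError(f"not an IP ACL rule: {line!r}")
    name, action, proto, src, dst = tok[1:6]
    if action not in ("permit", "deny") or proto not in PROTOCOLS:
        raise ValueError(f"bad action or protocol: {line!r}")
    return {"name": name, "action": action, "proto": proto,
            "src": _net(src), "dst": _net(dst), "extra": tok[6:], "text": line}

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    if a["extra"]:  # protocol-specific fields narrow a; they are not parsed here
        return False
    if a["proto"] != "ip" and a["proto"] != b["proto"]:
        return False
    return b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])

def shadowed_rules(lines):
    """Return (shadowed, shadowing) rule pairs, assuming first-match evaluation."""
    rules = [parse_rule(l) for l in lines if l.strip()]
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier["name"] == later["name"] and covers(earlier, later):
                found.append((later["text"], earlier["text"]))
                break
    return found

# Constructed sample ACL (addresses are illustrative)
SAMPLE = [
    "acl 101 permit ip 10.1.0.0/16 any",
    "acl 101 deny tcp 10.1.5.0/24 any",
    "acl 101 deny udp any 10.2.0.0/255.255.0.0",
    "acl 101 permit udp 10.3.0.0/16 10.2.7.0/24",
]

if __name__ == "__main__":
    for late, early in shadowed_rules(SAMPLE):
        print(f"never matches: {late!r} (covered by {early!r})")
```

A reported rule is a candidate for the editor's move or delete command: either it belongs above the rule that covers it, or it is dead configuration.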
