Named acls, Time range applied to an ip acl – Dell POWEREDGE M1000E User Manual


Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 34 Configuring Network Security with ACLs

Configuring IPv4 ACLs

Named ACLs

This example creates a standard ACL named Internet_filter and an extended ACL named
marketing_group. The Internet_filter ACL allows all traffic from the source address 1.2.3.4.

Switch(config)# ip access-list standard Internet_filter

Switch(config-std-nacl)# permit 1.2.3.4

Switch(config-std-nacl)# exit

The marketing_group ACL allows any TCP Telnet traffic to the destination address and wildcard
171.69.0.0 0.0.255.255 and denies any other TCP traffic. It permits ICMP traffic, denies UDP
traffic from any source to the destination address range 171.69.0.0 through 171.69.255.255
with a destination port less than 1024, denies any other IP traffic, and provides a log of
the result.

Switch(config)# ip access-list extended marketing_group

Switch(config-ext-nacl)# permit tcp any 171.69.0.0 0.0.255.255 eq telnet

Switch(config-ext-nacl)# deny tcp any any

Switch(config-ext-nacl)# permit icmp any any

Switch(config-ext-nacl)# deny udp any 171.69.0.0 0.0.255.255 lt 1024

Switch(config-ext-nacl)# deny ip any any log

Switch(config-ext-nacl)# exit

The Internet_filter ACL is applied to outgoing traffic and the marketing_group ACL is applied to
incoming traffic on a Layer 3 port.

Switch(config)# interface gigabitethernet3/0/2

Switch(config-if)# no switchport

Switch(config-if)# ip address 2.0.5.1 255.255.255.0

Switch(config-if)# ip access-group Internet_filter out

Switch(config-if)# ip access-group marketing_group in

Time Range Applied to an IP ACL

This example denies HTTP traffic on IP on Monday through Friday between the hours of 8:00 a.m. and
6:00 p.m. (18:00). The example allows UDP traffic only on Saturday and Sunday from noon to 8:00 p.m.
(20:00).

Switch(config)# time-range no-http

Switch(config-time-range)# periodic weekdays 8:00 to 18:00

!

Switch(config)# time-range udp-yes

Switch(config-time-range)# periodic weekend 12:00 to 20:00

!

Switch(config)# ip access-list extended strict

Switch(config-ext-nacl)# deny tcp any any eq www time-range no-http

Switch(config-ext-nacl)# permit udp any any time-range udp-yes

!

Switch(config-ext-nacl)# exit

Switch(config)# interface gigabitethernet2/0/1

Switch(config-if)# ip access-group strict in
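
The following Python model is an added example, not part of the Cisco guide: it evaluates the strict ACL above at constructed times to show which entry, if any, decides a packet. It relies on the implicit deny that ends every IOS ACL (not shown on this page), treats time-range boundaries at minute granularity as an assumption, and uses hypothetical names (TIME_RANGES, STRICT, active, evaluate).

```python
from datetime import datetime

# Time ranges from the page; weekdays are Monday=0 .. Sunday=6.
TIME_RANGES = {
    "no-http": (range(0, 5), "08:00", "18:00"),  # periodic weekdays 8:00 to 18:00
    "udp-yes": (range(5, 7), "12:00", "20:00"),  # periodic weekend 12:00 to 20:00
}

# ACL "strict" from the page: (action, protocol, destination port, time-range).
STRICT = [
    ("deny", "tcp", 80, "no-http"),      # deny tcp any any eq www time-range no-http
    ("permit", "udp", None, "udp-yes"),  # permit udp any any time-range udp-yes
]

def active(name, when):
    """True if the named time range covers `when` (minute granularity, assumed)."""
    days, start, end = TIME_RANGES[name]
    return when.weekday() in days and start <= when.strftime("%H:%M") <= end

def evaluate(acl, proto, dport, when):
    """First match wins; an entry outside its time range is skipped."""
    for n, (action, ace_proto, ace_port, tr) in enumerate(acl, 1):
        if ace_proto != proto or ace_port not in (None, dport):
            continue
        if not active(tr, when):
            continue
        return action, f"entry {n}"
    # Not shown on the page: every IOS ACL ends with an implicit deny.
    return "deny", "implicit deny"

if __name__ == "__main__":
    # Constructed sample traffic: 2024-01-08 is a Monday, 2024-01-13 a Saturday.
    samples = [
        ("tcp", 80, datetime(2024, 1, 8, 10, 0)),
        ("tcp", 80, datetime(2024, 1, 8, 22, 0)),
        ("udp", 53, datetime(2024, 1, 13, 13, 0)),
        ("udp", 53, datetime(2024, 1, 8, 10, 0)),
        ("tcp", 443, datetime(2024, 1, 13, 13, 0)),
    ]
    for proto, dport, when in samples:
        print(f"{when:%a %H:%M} {proto}/{dport}:", *evaluate(STRICT, proto, dport, when))
```

Because the list has no unconditional permit, HTTP outside weekday business hours and all other traffic still fall through to the implicit deny; only UDP inside the weekend window is forwarded.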
