Defining access lists – ATL Telecom R1-SW Ethernet Switch User Manual


Configuring Security

Defining Access Lists

The Corecess R1-SW24L2B provides basic traffic filtering with access control lists (ACLs). A standard
access list is a numbered set of permit and deny entries matched against the source IP address of
incoming frames. You can configure access lists on the system to control access to a network: an access
list can prevent certain traffic from entering or exiting the network.

To define access lists, enter the following command in Privileged mode:

Table 10-2 Defining access lists

Step 1. Command: configure terminal
        Task: Enter the Global configuration mode.

Step 2. Command (one of the following forms per entry):
            access-list <list-number> {permit|deny} <source-ip> [<wildcard>]
            access-list <list-number> {permit|deny} host <host-addr>
            access-list <list-number> {permit|deny} any
        Task: Configure an ACL with the IP addresses that are permitted or denied access to the
        system. Repeat the command once for each entry of the list.
        • <list-number>: Number of the standard access list (1 ~ 99, 1300 ~ 1999).
        • permit: Permits the frame whose source address matches the condition.
        • deny: Denies the frame whose source address matches the condition.
        • dynamic: Permits the frame whose source address matches the condition dynamically.
          (This keyword is listed among the parameters only; it does not appear in the command
          forms shown above.)
        • <source-ip>: The IP address of the source network or host in dotted-decimal form
          (xxx.xxx.xxx.xxx).
        • <wildcard>: Wildcard bits to be applied to <source-ip>, also written as a four-part
          dotted-decimal value. A zero bit means the corresponding bit of the packet's source
          address must match <source-ip>; a one bit matches any value.
        • host <host-addr>: Matches only the single IP address <host-addr> (equivalent to a
          wildcard of 0.0.0.0).
        • any: Matches all source addresses (equivalent to a wildcard of 255.255.255.255).

Step 3. Command: end
        Task: Return to the Privileged mode.

Step 4. Command: show access-list
        Task: Verify the defined access lists.

Note:
• The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones
  and zeros. Zeros in the mask mean the corresponding bits of the packet's source address must match
  <source-ip>; ones mean any value matches. For example, the <source-ip> and <wildcard> values
  209.157.22.26 0.0.0.255 mean that all hosts in the Class C network 209.157.22.x (209.157.22.0/24)
  match the entry: the last octet of the wildcard is all ones, so the last octet of the source address
  is ignored, and writing 209.157.22.0 or 209.157.22.26 as <source-ip> gives the same result.
• Packets that do not match any entry in an access list are denied (implicit deny). An access list
  that contains only deny entries therefore blocks all traffic; add a final "permit any" entry when
  the intent is to deny specific sources and allow everything else.
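The following Python model, added here as a worked example and not part of the switch's own software or of this manual, implements the matching rules described in Table 10-2 and the note above: access-list entries in the manual's syntax are parsed, the wildcard is applied bitwise (zero bits must match, one bits are ignored), host is treated as a 0.0.0.0 wildcard, any as 255.255.255.255, and a source that matches no entry is denied. Two details are assumptions not stated on this page: entries are evaluated in the order entered with the first match deciding, and an omitted <wildcard> defaults to 0.0.0.0. The access-list lines and source addresses are constructed sample input.

```python
import ipaddress

# Constructed sample: a standard access list as it would be typed in Global
# configuration mode (access-list <list-number> {permit|deny} ...). The CLI
# itself is not modelled; these strings are only input to the parser below.
ACL_10 = [
    "access-list 10 deny host 209.157.22.26",
    "access-list 10 permit 209.157.22.0 0.0.0.255",
    "access-list 10 permit host 10.0.0.5",
]

# Same three entries with the host deny moved after the subnet permit. Under
# first-match evaluation (assumed; not stated on the manual page) the subnet
# permit now matches 209.157.22.26 before the deny is ever reached.
ACL_10_MISORDERED = [ACL_10[1], ACL_10[0], ACL_10[2]]

MASK32 = 0xFFFFFFFF


def ip_to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def int_to_ip(value):
    """32-bit integer -> dotted-decimal IPv4 string."""
    return str(ipaddress.IPv4Address(value & MASK32))


def prefix_to_wildcard(prefix_len):
    """Prefix length -> wildcard, e.g. 24 -> '0.0.0.255'.

    The wildcard is the bitwise inverse of the subnet mask: host bits become
    ones (ignored), network bits become zeros (must match).
    """
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    netmask = (MASK32 << (32 - prefix_len)) & MASK32
    return int_to_ip(netmask ^ MASK32)


def parse_entry(line):
    """Parse one access-list line into (list_number, action, address, wildcard)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError("not an access-list line: %r" % line)
    number = int(tok[1])
    if not (1 <= number <= 99 or 1300 <= number <= 1999):
        raise ValueError("standard access list numbers are 1-99 or 1300-1999")
    action = tok[2]
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny: %r" % action)
    rest = tok[3:]
    if rest == ["any"]:
        address, wildcard = 0, MASK32              # every bit is "don't care"
    elif rest[0] == "host" and len(rest) == 2:
        address, wildcard = ip_to_int(rest[1]), 0  # every bit must match
    else:
        address = ip_to_int(rest[0])
        # Omitted <wildcard> is treated as 0.0.0.0 (assumed default, not
        # stated on the manual page), i.e. the same as the host form.
        wildcard = ip_to_int(rest[1]) if len(rest) > 1 else 0
    return number, action, address, wildcard


def entry_matches(address, wildcard, source):
    """Apply the wildcard: zero bits must match <source-ip>, one bits match anything."""
    care = ~wildcard & MASK32
    return (source & care) == (address & care)


def evaluate(acl_lines, source_ip):
    """Return 'permit' or 'deny' for a frame with the given source address.

    Entries are checked in order and the first match decides; a source that
    matches no entry is denied (the implicit deny described in the note).
    """
    source = ip_to_int(source_ip)
    for _number, action, address, wildcard in map(parse_entry, acl_lines):
        if entry_matches(address, wildcard, source):
            return action
    return "deny"


if __name__ == "__main__":
    for src in ("209.157.22.26", "209.157.22.100", "10.0.0.5", "10.0.0.6"):
        print("%-16s ACL_10 -> %-6s misordered -> %s"
              % (src, evaluate(ACL_10, src), evaluate(ACL_10_MISORDERED, src)))
    print("wildcard for /24:", prefix_to_wildcard(24))
```

Running the file prints the verdict for each sample source under both orderings. Comparing ACL_10 with ACL_10_MISORDERED shows why, under first-match evaluation, a host deny must be entered before the broader subnet permit that would otherwise cover it; 10.0.0.6 is denied by neither ordering explicitly and falls through to the implicit deny.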
