Configuration Guide
Version 7.2
Security Setup

2 Access Control List
The device supports access control lists (ACLs). ACLs categorize traffic
based on source and/or destination IP address, protocol, or the ports used by
the traffic. Categorization is done by matching traffic against the rules
defined in the ACL. ACLs usually work in combination with other features such
as QoS, Firewall, IPSec and NAT, where they select which traffic each feature
is applied to. The device supports two types of ACLs: connectionless, and
connection-aware (stateful). A connection-aware access list matches only the
first packets of a connection against a rule (for example, traffic from source
to destination); subsequent packets that fall under the same rule are
categorized without matching, which saves CPU and memory resources. ACLs can
be configured only on Layer-3 interfaces.
To configure ACLs, use the following commands:
Table 2-1: Access Control List
Command:
    # configure data
Description:
    Enter the data configuration menu.

Command:
    (config-data)# access-list [number or word] [deny or permit] <protocol> <source> <source port> <destination> <destination port> <mode> [log]
Description:
    - [number or word] - the ACL can be addressed using a number or a word.
      Note: access-list names are case sensitive.
    - [deny or permit] - a connection matching this rule is denied or
      permitted, according to this keyword.
    - <protocol> - the connection is matched using one of the protocols tcp,
      udp, ah, esp, gre, icmp, igmp or ip, or a manually selected number, 0 to
      255, that represents the protocol field of the IP packet.
    - <source> - the source can be a single host IP address, a range of IP
      addresses with mask, or the local address. It can also be "any" address.
      A range of IP addresses must be selected using a wildcard.
    - <source port> - the source can be matched using a TCP or UDP port. The
      <source port> can be omitted.
    - <destination> - the destination can be a single host IP address, a range
      of IP addresses with mask, or the local address. It can also be "any"
      address. A range of IP addresses must be selected using a wildcard.
    - <destination port> - the destination can be matched using a TCP or UDP
      port. The <destination port> can be omitted.
    - <mode> - mode of the ACL. If the keyword "established" is used, the ACL
      is connection aware. If the keyword "stateless" is used, the ACL is
      connectionless. The keyword "dscp" can be used to match the DSCP field
      of the IP packet. By default, the ACL is connection aware. The <mode>
      can be omitted.
    - [log] - if the log keyword is used and a packet matches the rule, the
      event is logged
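The difference between the connection-aware ("established") and connectionless ("stateless") modes described above can be seen in a small Python model. This is an added example, not AudioCodes code or device CLI; the class and function names are hypothetical, and it assumes a wildcard is an inverse mask whose set bits are ignored, that the first matching rule wins, and that a connection is keyed on its forward 5-tuple.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    protocol: str                    # "tcp", "udp", ...; "ip" matches any protocol
    src: tuple                       # (base address, wildcard), assumed inverse mask
    dst: tuple
    dst_port: Optional[int] = None   # None models an omitted <destination port>

    def matches(self, proto, src, dst, dport) -> bool:
        def addr_ok(addr, net):      # bits set in the wildcard are "don't care"
            return ((ip(addr) ^ ip(net[0])) & ~ip(net[1]) & 0xFFFFFFFF) == 0
        return (self.protocol in ("ip", proto) and self.dst_port in (None, dport)
                and addr_ok(src, self.src) and addr_ok(dst, self.dst))

class Acl:
    def __init__(self, rules, stateful=True):
        self.rules, self.stateful = rules, stateful
        self.flows = {}              # 5-tuple -> action decided on the first packet
        self.rule_checks = 0         # number of rule comparisons performed

    def classify(self, proto, src, sport, dst, dport):
        key = (proto, src, sport, dst, dport)
        if self.stateful and key in self.flows:
            return self.flows[key]   # later packets are categorized without matching
        action = None                # None = no rule matched
        for rule in self.rules:      # assumed first-match ordering
            self.rule_checks += 1
            if rule.matches(proto, src, dst, dport):
                action = rule.action
                break
        if self.stateful:
            self.flows[key] = action
        return action

ANY = ("0.0.0.0", "255.255.255.255")
RULES = [Rule("deny", "udp", ANY, ANY),
         Rule("permit", "tcp", ("192.168.0.0", "0.0.0.255"), ANY, dst_port=443)]
FLOW = [("tcp", "192.168.0.10", 50000, "203.0.113.5", 443)] * 3  # constructed sample

def run(stateful: bool):
    acl = Acl(RULES, stateful)
    return [acl.classify(*pkt) for pkt in FLOW], acl.rule_checks
```

For the three-packet flow, `run(True)` performs two rule comparisons in total, while `run(False)` repeats them for every packet.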
Source: Mediant MSBRs Security Setup, Document LTRT 31828 (Mediant 500L MSBR).