Access Control List Configuration
• An empty access control list is treated as an implicit “deny ip any any” list.
Note: Two or more administrators should not edit the configuration file simultaneously. This is
especially the case with access lists. Doing so can have unpredictable results.
Once in access control list configuration mode, each command creates a statement in the access
control list. When the access control list is applied, the action performed by each statement is one of
the following:
• permit statement causes any packet matching the criteria to be accepted.
• deny statement causes any packet matching the criteria to be dropped.
To delete an entire access control list, enter configuration mode and use the no form of the
profile acl command, naming the access list to be deleted, e.g. no profile acl name. To unbind an
access list from the interface to which it was applied, enter the IP interface mode and use the no
form of the access control list command.
19.2 Task List
To configure an IP access control list, perform the tasks in the following sections.
• Map out the goals of the access control list
• Create an access control list profile and enter configuration mode
• Add a filter rule to the current access control list profile
• Add an ICMP filter rule to the current access control list profile
• Add a TCP, UDP or SCTP filter rule to the current access control list profile
• Bind and unbind an access control list profile to an IP interface
• Display an access control list profile
• Debug an access control list profile
19.3 Map Out the Goals of the Access Control List
To create an access control list you must:
• Specify the protocol to be filtered,
• Assign a unique name to the access list, and
• Define packet-filtering criteria.
A single access control list can have multiple filtering criteria statements.
Before you begin to enter the commands that create and configure the IP access control list, be sure
that you are clear about what you want to achieve with the list. Consider whether it is better to deny
specific accesses and permit all others or to permit specific accesses and deny all others.
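The trade-off between the two strategies, shown as an added example (a Python model, not code from this guide or from SmartWare). It assumes statements are tested top-down with the first match deciding, and that a packet matching no statement is dropped; all rules and addresses are constructed.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "permit" or "deny"
    src: str     # CIDR prefix or "any"
    dst: str     # CIDR prefix or "any"

class Packet(NamedTuple):
    src: str
    dst: str

def _match(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(acl: list[Rule], pkt: Packet) -> str:
    # Assumed semantics (not stated on the page): top-down, first match wins,
    # no match means drop. An empty list then behaves as the page describes:
    # an implicit "deny ip any any".
    for rule in acl:
        if _match(rule.src, pkt.src) and _match(rule.dst, pkt.dst):
            return rule.action
    return "deny"

# Strategy A (constructed): deny specific accesses, permit all others.
DENY_SPECIFIC = [
    Rule("deny", "198.51.100.0/24", "any"),
    Rule("permit", "any", "any"),
]
# Strategy B (constructed): permit specific accesses, deny all others.
PERMIT_SPECIFIC = [Rule("permit", "192.0.2.0/24", "203.0.113.10/32")]

# Constructed sample traffic (documentation address ranges).
PACKETS = {
    "known-good": Packet("192.0.2.7", "203.0.113.10"),
    "known-bad": Packet("198.51.100.9", "203.0.113.10"),
    "unanticipated": Packet("203.0.113.200", "203.0.113.10"),
}

def compare() -> dict[str, tuple[str, str, str]]:
    # Verdicts per packet for (empty list, strategy A, strategy B).
    return {name: (evaluate([], p), evaluate(DENY_SPECIFIC, p),
                   evaluate(PERMIT_SPECIFIC, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (empty, a, b) in compare().items():
        print(f"{name:14} empty={empty:6} deny-specific={a:6} permit-specific={b}")
```

The two lists agree on the traffic that was planned for and differ only on the unanticipated source, which strategy A accepts and strategy B drops.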
Note: Because a single access control list can have multiple filtering criteria statements, editing
those entries online can be cumbersome. We therefore recommend editing multifaceted access control
lists offline in a configuration file and downloading the configuration file later via TFTP to your
SmartNode device.
19.4 Create an Access Control List Profile and Enter Configuration Mode
Procedure
To create an IP access control list and enter access control list configuration mode
Software Configuration Guide Release 2.10, Revision 1.00