Access Control Lists
Motorola, Inc.
549453-001-00-a
Access Control Lists (ACLs)
The Tut OS provides layer 3 ACLs based on administrator-defined IP addresses and pre-defined services. The
pre-defined services are HTTP, FTP, Telnet, and SNMP. The Tut OS ACLs support 10 indexed entries. Each indexed
entry can contain an IP address, a pre-defined service, or a combination of IP address and service.
ACLs are processed from index 1 through index 10. If no matches are found, the access is granted.
Place the most restrictive access rules on the lower index numbers.
To enter ACLs from the CLI, use the following command:
ip access-list config <1-10 (index)> <deny|permit (type)> [ip-address #.#.#.#] [mask #.#.#.#] [service all|ftp|telnet|http|snmp]
Ex: To block all HTTP access from any device, enter:
ip access-list config 1 deny http
Ex: To block all network access from all devices except Telnet from a specific subnet, enter:
ip access-list config 1 permit ip-address 64.174.72.129 mask 255.255.255.128 service telnet
ip access-list config 10 deny service all
Note: A 32-bit subnet mask specifies a single device with the specified IP address.
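
The processing order and the grant-on-no-match default described above can be checked offline with a small model of the ACL table. This is an added example, not Tut OS code: the rule(), evaluate() and open_services() helpers are hypothetical, first-match-wins is an assumption drawn from the index-order wording, and the probe addresses in the usage note are constructed.

```python
import ipaddress

SERVICES = ("ftp", "http", "snmp", "telnet")  # the pre-defined services

def rule(action, ip=None, mask="255.255.255.255", service="all"):
    """Build one ACL entry. ip=None matches any source address.
    The 32-bit default mask (single host) is an assumption of this model."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False) if ip else None
    return {"action": action, "net": net, "service": service}

def evaluate(acl, src_ip, service):
    """acl maps index (1-10) to a rule; returns 'permit' or 'deny'."""
    src = ipaddress.ip_address(src_ip)
    for index in sorted(acl):                  # index 1 through index 10
        entry = acl[index]
        if entry["net"] is not None and src not in entry["net"]:
            continue                           # source address does not match
        if entry["service"] not in ("all", service):
            continue                           # service does not match
        return entry["action"]                 # assumed: first match decides
    return "permit"                            # no match: access is granted

def open_services(acl, src_ip):
    """Services the given source can still reach under this ACL."""
    return [s for s in SERVICES if evaluate(acl, src_ip, s) == "permit"]

# The second example above: Telnet from one subnet, everything else denied.
LOCKED_DOWN = {
    1: rule("permit", "64.174.72.129", "255.255.255.128", "telnet"),
    10: rule("deny", service="all"),
}

# Same permit entry without the catch-all deny at index 10.
NO_CATCH_ALL = {1: LOCKED_DOWN[1]}

# Catch-all deny placed at a lower index than the permit it should follow.
SHADOWED = {
    1: rule("deny", service="all"),
    10: LOCKED_DOWN[1],
}

if __name__ == "__main__":
    # 203.0.113.10 and 64.174.72.200 are constructed probe addresses.
    for name, acl in (("locked down", LOCKED_DOWN),
                      ("no catch-all", NO_CATCH_ALL),
                      ("shadowed", SHADOWED)):
        print(name, "outside:", open_services(acl, "203.0.113.10"),
              "subnet:", open_services(acl, "64.174.72.200"))
```

Without the entry at index 10 the permit rule restricts nothing, because every unmatched request is granted. With the catch-all deny at index 1 the later permit is never reached.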