SmartWare Software Configuration Guide
24 • Access control list configuration
Examples
Denying a specific subnet
Figure 39 shows an example in which a server attached to network 172.16.1.0 shall not be accessible from outside networks connected to IP interface lan. To prevent access, an incoming filter rule named Jamming is defined, which blocks any IP traffic from network 172.16.2.0 and has to be bound to IP interface lan.
Figure 39. Deny a specific subnet on an interface
The commands that have to be entered are listed below.
172.16.2.1>enable
172.16.2.1#configure
172.16.2.1(cfg)#profile acl Jamming
172.16.2.1(pf-acl)[Jamming]#deny ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255
172.16.2.1(pf-acl)[Jamming]#permit ip any any
172.16.2.1(pf-acl)[Jamming]#exit
172.16.2.1(cfg)#context ip router
172.16.2.1(cfg-ip)[router]#interface lan
172.16.2.1(if-ip)[lan]#use profile acl Jamming in
172.16.2.1(if-ip)[lan]#exit
172.16.2.1(cfg-ip)#copy running-config startup-config
[Figure 39 diagram labels: Host, Server, Node; IP interfaces lan and secure; addresses 172.16.2.13/24, 172.16.2.1/24 and 172.16.1.1/24; networks 172.16.2.0 and 172.16.1.0]
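The rule evaluation behind the Jamming profile above, as an added example that is not part of the SmartWare guide: a Python model that applies wildcard-mask matching and first-match ordering to constructed test flows. The function names, the test addresses other than 172.16.2.13, and the drop-on-no-match behaviour are assumptions of this example.

```python
import ipaddress

# Rules from the Jamming profile: (action, src, src_wildcard, dst, dst_wildcard).
# "any" is modelled as address 0.0.0.0 with wildcard 255.255.255.255.
ANY = ("0.0.0.0", "255.255.255.255")
JAMMING = [
    ("deny", "172.16.2.0", "0.0.0.255", "172.16.1.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]


def wildcard_match(addr, base, wildcard):
    """True if addr equals base in every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, src, dst):
    """Return (action, rule_index) of the first matching rule.

    Assumption: a packet that matches no rule is dropped (rule_index None).
    """
    for index, (action, s, sw, d, dw) in enumerate(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, index
    return "deny", None


def audit(acl, flows):
    """Evaluate constructed test flows and return {(src, dst): action}."""
    return {(src, dst): evaluate(acl, src, dst)[0] for src, dst in flows}


# Constructed test flows; 172.16.2.13 is the host address shown in Figure 39,
# the remaining addresses are made up for the check.
FLOWS = [
    ("172.16.2.13", "172.16.1.10"),   # blocked subnet -> server network
    ("172.16.2.13", "192.168.5.20"),  # blocked subnet -> elsewhere
    ("10.0.0.7", "172.16.1.10"),      # other source -> server network
]

if __name__ == "__main__":
    for flow, action in audit(JAMMING, FLOWS).items():
        print(flow, action)
    # Reversing the two rules lets "permit ip any any" shadow the deny.
    print(audit(list(reversed(JAMMING)), FLOWS[:1]))
```

The third flow shows that the profile blocks only sources in 172.16.2.0; traffic from any other source arriving on lan still reaches 172.16.1.0 through permit ip any any.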