Examples
264
SmartWare Software Configuration Guide
24 • Access control list configuration
Examples
Denying a specific subnet
Figure 39
shows an example in which a server attached to network 172.16.1.0 shall not be accessible from outside
networks connected to IP interface
lan
. To prevent access, an incoming filter rule named
Jamming
is defined,
which blocks any IP traffic from network 172.16.2.0 and has to be bound to IP interface
lan
.
Figure 39. Deny a specific subnet on an interface
The commands that have to be entered are listed below.
172.16.2.1>enable
172.16.2.1#configure
172.16.2.1(cfg)#profile acl Jamming
172.16.2.1(pf-acl)[Jamming]#deny ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255
172.16.2.1(pf-acl)[Jamming]#permit ip any any
172.16.2.1(pf-acl)[Jamming]#exit
172.16.2.1(cfg)#context ip router
172.16.2.1(cfg-ip)[router]#interface lan
172.16.2.1(if-ip)[lan]#use profile acl Jamming in
172.16.2.1(if-ip)[lan]#exit
172.16.2.1(cfg-ip)#copy running-config startup-config
Host
Server
Node
Node
172.16.2.1/24
172.16.1.1/24
secure
lan
172.16.1.0
172.16.2.0
172.16.2.13/24
Содержание SmartNode Series
Страница 250: ...RIP configuration task list 250 SmartWare Software Configuration Guide 23 RIP configuration rip enabled ...
Страница 635: ...635 Appendix A Terms and definitions Chapter contents Introduction 636 SmartWare architecture terms and definitions 636 ...
Страница 641: ...641 Appendix B Mode summary Chapter contents Introduction 642 ...
Страница 648: ...648 Appendix D Internetworking terms acronyms Chapter contents Abbreviations 649 ...
Страница 653: ...653 Appendix E Used IP ports available voice codecs Chapter contents Used IP ports 654 Available voice codecs 655 ...