
OnSite 2800 Series User Manual | 7 • Access control list configuration |
|
|
Before you begin to enter the commands that create and configure the IP access control list, be sure that you are clear about what you want to achieve with the list. Consider whether it is better to deny specific accesses and permit all others or to permit specific accesses and deny all others.
Note Since a single access control list can have multiple filtering criteria statements, but editing those entries online can be tedious. Therefore, we recommend editing complex access control lists offline within a configuration file and downloading the configuration file later via TFTP to your OnSite device.
Creating an access control list profile and enter configuration mode
This procedure describes how to create an IP access control list and enter access control list configuration mode
Mode: Administrator execution
Step | Command | Purpose |
|
|
|
1node(cfg)#profile acl name Creates the access control list profile name and enters the configura- tion mode for this list
name is the name by which the access list will be known. Entering this command puts you into access control list configuration mode where you can enter the individual statements that will make up the access control list.
Use the no form of this command to delete an access control list profile. You cannot delete an access control list profile if it is currently linked to an interface. When you leave the access control list configuration mode, the new settings immediately become active.
Example: Create an access control list profile
In the following example the access control list profile named WanRx is created and the shell of the access con- trol list configuration mode is activated.
2800>enable
2800#configure 2800(cfg)#profile acl WanRx
Adding a filter rule to the current access control list profile
The commands permit or deny are used to define an IP filter rule. This procedure describes how to create an IP access control list entry that permits access
Mode: Profile access control list
Step | Command | Purpose |
|
|
|
1 |
| Creates an IP access of control list |
| host src} {dest | entry that permits access defined |
|
| according to the command |
|
| options |
|
|
|
This procedure describes how to create an IP access control list entry that denies access
Access control list configuration task list | 83 |