
OnSite 2800 Series User Manual | 7 • Access control list configuration
Examples
Denying a specific subnet
Figure 16 shows an example in which a server attached to network 172.16.1.0 must not be accessible from outside networks connected to IP interface lan of the OnSite device. To prevent access, an incoming filter rule named Jamming is defined. It blocks any IP traffic from network 172.16.2.0 and must be bound to IP interface lan.
[Figure 16 diagram: Server on network 172.16.1.0; Node with IP interface secure (172.16.1.1/24) and IP interface lan (172.16.2.1/24); Host 172.16.2.13/24 on network 172.16.2.0]
Figure 16. Deny a specific subnet on an interface
The commands to enter are listed below. They are entered in a Telnet session running on a host with IP address 172.16.2.13, which reaches the OnSite device via IP interface lan.
172.16.2.1>enable
172.16.2.1#configure
172.16.2.1(cfg)#profile acl Jamming
172.16.2.1(cfg)#context ip router
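An added example, not from the manual: a Python dry run of an incoming filter for the Figure 16 topology, checking what a rule set drops before it is bound to interface lan, including the Telnet session from 172.16.2.13 used to configure the device. It assumes ordered, first-match evaluation with unmatched packets dropped; both rule lists, the server address 172.16.1.10 and the source 10.0.0.5 are constructed and are not the contents of the Jamming profile.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
SERVER_NET = "172.16.1.0/24"    # network behind IP interface secure (Figure 16)
OUTSIDE_NET = "172.16.2.0/24"   # network attached to IP interface lan (Figure 16)

@dataclass(frozen=True)
class Rule:
    action: str   # "deny" or "permit"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def evaluate(rules, src_ip, dst_ip):
    """Return (action, rule index) of the first matching rule.
    Assumed model: a packet that matches no rule is dropped."""
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, dst_ip):
            return rule.action, index
    return "deny", None

# Hypothetical rule lists (assumptions, not the manual's profile contents).
# Broad: drop everything sourced from 172.16.2.0/24, whatever the destination.
JAMMING_BROAD = [Rule("deny", OUTSIDE_NET, ANY), Rule("permit", ANY, ANY)]
# Scoped: drop 172.16.2.0/24 only when the destination is the server network.
JAMMING_SCOPED = [Rule("deny", OUTSIDE_NET, SERVER_NET), Rule("permit", ANY, ANY)]

# Constructed test packets as (source, destination) pairs.
PACKETS = {
    "host -> server": ("172.16.2.13", "172.16.1.10"),
    "host -> device (Telnet mgmt)": ("172.16.2.13", "172.16.2.1"),
    "other net -> server": ("10.0.0.5", "172.16.1.10"),
}

def dry_run(rules):
    """Map each constructed packet to the action the rule list would take."""
    return {name: evaluate(rules, s, d)[0] for name, (s, d) in PACKETS.items()}

def locks_out_management(rules, mgmt_host="172.16.2.13", device="172.16.2.1"):
    """True if binding the rules inbound on lan would drop the admin session."""
    return evaluate(rules, mgmt_host, device)[0] == "deny"

if __name__ == "__main__":
    for label, rules in (("broad", JAMMING_BROAD), ("scoped", JAMMING_SCOPED)):
        print(label, dry_run(rules), "mgmt lockout:", locks_out_management(rules))
```

In this model the broad list also drops the configuring host's own session to 172.16.2.1, and neither list drops a source outside 172.16.2.0/24.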