Asante Technologies 35516 user manual Creating an Access List with a Name, Operator equal to


  eq     Operator - equal to
  gt     Operator - greater then
  lt     Operator - less then
  neq    Operator - NOT equal to
  <cr>

Router(config)# $ list 101 deny tcp 192.168.123.0 0.0.0.255 192.168.124.0 eq ?
  <0-65535>  Protocol port number
Router(config)# $ eny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 21
Router(config)# $ eny tcp 192.168.123.0 0.0.0.255 192.168.124.0 0.0.0.255 eq 20
Router(config)# $ permit ip 192.168.123.0 0.0.0.255 0.0.0.0 255.255.255.255
Router(config)# exit

Router# show access-list
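
The following is an added example, not taken from the manual or from Asante's software: a small Python model of list 101 as entered above, showing how the wildcard masks and the eq/gt/lt/neq operators decide a packet's fate. It assumes entries are checked top-down with the first match winning, that the port operator applies to the destination port, and that a packet matching no entry is dropped; the names wc_match, OPS, ACL_101 and evaluate are hypothetical.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Wildcard-mask compare: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# The four port operators offered by the CLI help.
OPS = {
    "eq": lambda p, n: p == n,
    "gt": lambda p, n: p > n,
    "lt": lambda p, n: p < n,
    "neq": lambda p, n: p != n,
}

# (action, protocol, src, src wildcard, dst, dst wildcard, operator, port)
ACL_101 = [
    ("deny", "tcp", "192.168.123.0", "0.0.0.255",
     "192.168.124.0", "0.0.0.255", "eq", 21),
    ("deny", "tcp", "192.168.123.0", "0.0.0.255",
     "192.168.124.0", "0.0.0.255", "eq", 20),
    ("permit", "ip", "192.168.123.0", "0.0.0.255",
     "0.0.0.0", "255.255.255.255", None, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry_index); index is None when no entry matched."""
    for i, (action, p, s, sw, d, dw, op, port) in enumerate(acl):
        if p != "ip" and p != proto:      # "ip" matches every IP protocol
            continue
        if not (wc_match(src, s, sw) and wc_match(dst, d, dw)):
            continue
        if op is not None and (dport is None or not OPS[op](dport, port)):
            continue
        return action, i                  # assumption: first match wins
    return "deny", None                   # assumption: implicit deny at end

if __name__ == "__main__":
    # Constructed sample packets.
    print(evaluate(ACL_101, "tcp", "192.168.123.10", "192.168.124.5", 21))
    print(evaluate(ACL_101, "tcp", "192.168.123.10", "192.168.124.5", 80))
    print(evaluate(ACL_101, "tcp", "10.0.0.1", "192.168.124.5", 80))
```

Under these assumptions the list blocks FTP only between the two named subnets: FTP from 192.168.123.0 to any other destination still matches the final permit entry, and traffic from any other source matches nothing and is dropped.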

5.6.3 Creating an Access List with a Name

From the global configuration mode, you can also create access lists through the Router(config)# ip command. Through this method, you may name your access list, rather than using a number. The new prompt reflects the named access list mode.

Router(config)# ip ?
  access-list       Named access-list
  forward-protocol  Controls forwarding of physical and directed IP
  prefix-list       Build a prefix list
  route             Establish static routes

Router(config)# ip access-list ?
  standard  Standard Access List
  extended  Extended Access List

Router(config)# ip access-list standard ?
  WORD  Access-list name or Standard IP access-list number <1-99>
Router(config)# ip access-list standard test
Router(config-std-nacl)# ?
  deny    Specify packets to reject
  end     End current mode and change to enable mode
  exit    Exit current mode and down to previous mode
  help    Description of the interactive help system
  no      Negate a command or set its defaults
  permit  Specify packets to forward
  quit    Exit current mode and down to previous mode
  remark  Access list entry comment
Router(config-std-nacl)#

At the Router(config-std-nacl)# prompt, you may proceed with the access list permit or deny statements.

5.6.4 Applying an Access List to an Interface

After creating your access lists, you must apply them to an interface in order to enable the access list. Enter the interface configuration mode for the desired interface. Each interface may have only one access list applied to it at one time. Access lists are applied to either inbound traffic or to outbound traffic.

In the next example, we will create an extended access list that will allow only SMTP traffic (port 25) to be sent out, and deny all other traffic.
