Enterasys Networks XSR-Series manual Access control list moving online editing

Page 11

3.3 Access control list moving online editing

XSR-1805#show running-config

!!

!Version 4.0.0.0, Built Mar 26 2003, 19:47:17

hostname XSR-1805

access-list 110 deny ip 10.10.10.100 0.0.0.0 any access-list 110 deny ip 10.10.10.111 0.0.0.0 any access-list 110 permit ip any any

interface FastEthernet1 description "LAN-Interface1" ip access-group 110 in

ip address 10.10.10.1 255.255.255.0 no shutdown

end

XSR-1805(config)#access-list 110 move 1 2

!!

!Version 4.0.0.0, Built Mar 26 2003, 19:47:17

hostname XSR-1805

access-list 110 deny ip 10.10.10.111 0.0.0.0 any access-list 110 deny ip 10.10.10.100 0.0.0.0 any access-list 110 permit ip any any

interface FastEthernet1 description "LAN-Interface1" ip access-group 110 in

ip address 10.10.10.1 255.255.255.0 no shutdown

end

XSR-1805#

Configuration Guide

Page 11 of 55

Image 11
Contents Configuration Guide Table of Contents Appendix Helpful commands for using the XSR platformIP-Static-routing IP-Loopback Interface IP-Address and Secondary Addresses configurationIP-OSPF-routing IP-RIPv1,v2-routing Ip local pool 10th 10.10.10.0 Sntp Simple Network Time Protocol Duplex half System login bannerDuplex full Configuration Guide XSR-1805config#access-list 110 move 1 Access control list moving online editingHostname XSR-18051 Router-2-BackupVirtual Router Redundancy Protocol RFC Router-1-MasterVrrp 1 priority Vrrp 1 master-respond-ping no shutdown Vrrp monitor interface function, interface trackingIp address 10.10.10.1 255.255.255.0 no shutdown Access-list 10 permit 10.10.10.0NAT static bindings NAT dynamic with PAT Port Address TranslationDialer Interface Controller e1 0/2/0 clock source internal no shutdown Dialer Backup interface functionUsername remote privilege 0 password is not displayed PAP for authentication PPPInterface Dialer0 dialer pool Chap for authentication PPPUsername remote privilege 0 cleartext iamRemote Dialer-list 1 protocol ip list XSR-1805-1config#aaa user XSR-1805-1config-aaa#password XSRVPN via Dialer Interface rtr1 VPN via Dialer Interface rtr2 Dialer Int. PRI to BRI with D-channel-callbackcentral-site Ppp pap sent-username central password xsr ppp multilinkDialer Int. PRI to BRI with D-channel-callbackremote1-site Ppp pap sent-username remote1 password xsr1 ppp multilinkDialer Int. PRI to BRI with D-channel-callbackremote2-site Ppp pap sent-username remote2 password xsr2 ppp multilinkIsdn config for BRIx/x Isdn switch type changing Dialer-group Isdn callbackDialer caller 112233 callback dialer remote-name XSR-Remote Isdn multilink / Isnd channel bundling PPPoE on Adsl interface with chap authentication AAA Authentication Authorization Accounting Radius Logging Snmp Medium Ip ssh server disable Ip telnet server disableSSH / Telnet Syslog function, Server local-bufferSnmp v1/v2/v3 Snmp configuration /contact/location/parameterIp route 80.80.80.0 255.255.255.0 XSR-18051config#aaa user XSR-18051config-aaa#password XSR0r1 VPN Ipsec site-to-site tunnel via pre-shared key Router-1Ip route 10.10.10.0 255.255.255.0 XSR-18052config#aaa user XSR-18052config-aaa#password XSR0r2 VPN Ipsec site-to-site tunnel via pre-shared key Router-2VPN Ipsec site-to-site tunnel certification PKI Request certificate from CA y/n ? y XSR-18051config#crypto ca identity Enterasys-Networks-CAPassword Re-enter password XSR-18051config#crypto ca crl request Enterasys-Networks-CAENTITY-ACTIVE Certification control / certificates / Crls / CA identityPptp encrypt mppe auto VPN Pptp User terminationXSR-18051config#aaa user XSR-18051config-aaa#password XSR XSR-18052config#aaa user XSR-18052config-aaa#password XSR Version 6.0.0.0, Built Sep 14 2003 5r1 GRE native site-to-site tunnel5r2 GRE native site-to-site tunnel Diffserv Dscp field addressing Description internalloopbackPrivate ip address 13.13.13.1 Firewall configurationDescription InteralnetworkPrivate ip address 10.10.10.1 Ip address 30.30.30.1 Vlan configuration 802.1q tagged routingIp address 20.20.20.1 XSR-1805 uptime is 0 days, 2 hours, 23 minutes A1.2 ping & tracerouteVersion 2.02, Built Feb 24 2003 Version 4.0.0.0, Built Mar 26 2003Current operational speed is negotiated to 100 Mb/s Current operational duplex mode is negotiated to fullA1.4 telnet to other routers Physical link is currently upA1.6 verify the flash file checksum A1.5 flash/ cflash/ dir, rename, copy commandsB1.1 show ip arp B1.0 show ip routeC1.3 show crypto map C1.0 show tunnelsC1.1 show crypto isakmp sa C1.2 show crypto ipsec saC1.7 show ip route / GRE via Ipsec C1.4 show tunnels / GRE via IpsecC1.5 show interface vpn / GRE via Ipsec C1.6 show crypto ipsec sa / GRE via IpsecMTU is 1492 bytes D1.1 show ip interface atm 1/0.1D1.2 show controllers atm 1/0 VPI/VCI 1/32 D1.3 show controllers atm 1/0.1IfLastChange 001609 ATM 1/0 is Admin Up / Oper UpAdministrative State is Enabled Operational State is UP D1.4 show interface atm 1/0PPPoE is Oper Up ATM 1/0.1 is Admin Up / Oper UpD1.5 show interface atm 1/0.1 State OpenedCurrent State ATM 1/0.1 PPP is Admin Up / Oper UpChap authentication success with D1.6 show ppp interface atm 1/0.1Getting Help