Chapter 4 Operational Concepts and Configuration Examples

show ip composite-op            Displays a composite operation of a Policy list.

show ip active-access-groups    Displays the active Policy list for each context/direction.

Controlling Network Access to the X330WAN

X330WAN enables you to control access to its router interfaces using the “single point of presence” characteristics of the Layer 2 Loopback interface. This is an alternative to configuring Access Control rules separately on each router interface. By activating Access Control rules on a Loopback interface, you can control all traffic entering and leaving the X330WAN’s CPU. Different Access Lists can be configured on the “Loopback in” and “Loopback out” interfaces.

Note: A Policy list activated on a Loopback interface applies only to packets destined to the router interface, and not to packets routed by the CPU.

For example, an Access Control rule denying Telnet sessions, placed on the Loopback interface, prevents Telnet access to the CPU, thus preventing any configuration changes to the module. This rule does not prevent Telnet sessions between any two users connected to the X330WAN interfaces.

Perform the following to activate such a Policy list on the Loopback interface using the CLI:

1. Create an Access Control List by entering: ip access-list 101 1 deny tcp any any eq 23

   Where 101 is the Access list number, 1 is the number of the Rule in the list, deny is the action, and 23 is the TCP Telnet port number.

2. Type interface Loopback 1 to enter the Loopback1 interface.

3. Use the ip access-group 101 in command to activate the new Access Control list created in step 1 on the ingress direction of the Loopback1 interface.

Note: In order to apply an Access Control List to the router interfaces, the Policy should be applied on the Loopback1 interface (interface loopback1). If additional Loopback interfaces have been created, applying a Policy on them does not take effect. No CLI message informs you of this during the configuration.
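
Because the CLI gives no message when a Policy list is bound to the wrong Loopback interface, a saved configuration can be checked offline. The script below is an added example, not part of the Avaya guide: it assumes the configuration is available as text in the command syntax used in the steps above, and the function name and sample configuration are constructed for illustration.

```python
import re

# Constructed sample in the command syntax shown in the steps above.
# The layout of a real X330WAN configuration dump is an assumption.
SAMPLE_CONFIG = """\
ip access-list 101 1 deny tcp any any eq 23
ip access-list 102 1 deny tcp any any eq 23
interface Loopback 2
ip access-group 102 in
interface Loopback 1
ip access-group 101 in
"""

LOOP_RE = re.compile(r"^interface\s+loopback\s*(\d+)\s*$", re.IGNORECASE)
GROUP_RE = re.compile(r"^ip\s+access-group\s+(\d+)\s+(in|out)\s*$", re.IGNORECASE)
RULE_RE = re.compile(r"^ip\s+access-list\s+(\d+)\s+\d+\s+", re.IGNORECASE)


def audit_loopback_policy(config_text):
    """Return (effective, findings) for access-groups bound to Loopback interfaces."""
    defined, bindings, current = set(), [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := RULE_RE.match(line):
            defined.add(m.group(1))
        elif line.lower().startswith("interface"):
            m = LOOP_RE.match(line)  # any other interface clears the context
            current = int(m.group(1)) if m else None
        elif (m := GROUP_RE.match(line)) and current is not None:
            bindings.append((current, m.group(1), m.group(2).lower()))

    effective, findings = {}, []
    for num, acl, direction in bindings:
        if acl not in defined:
            findings.append(f"list {acl} on Loopback {num} has no rules in this configuration")
        if num == 1:
            effective[direction] = acl  # only Loopback 1 bindings take effect
        else:
            findings.append(f"list {acl} ({direction}) on Loopback {num} does not take effect")
    if "in" not in effective:
        findings.append("no ingress Policy list is active on Loopback 1")
    return effective, findings


if __name__ == "__main__":
    effective, findings = audit_loopback_policy(SAMPLE_CONFIG)
    print("effective on Loopback 1:", effective)
    for finding in findings:
        print("FINDING:", finding)
```

The result can be compared with the output of show ip active-access-groups on the module.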


Avaya X330WAN User’s Guide
