Chapter 13 Configuring Access Control Lists on the ML-Series Card

ML-Series ACL Support

Creating Named Standard IP ACLs

To create a named standard IP ACL, perform the following procedure, beginning in global configuration mode:

 

Step 1

Command: ML_Series(config)# ip access-list standard name

Purpose: Defines a standard IP ACL using an alphabetic name.

Step 2

Command: ML_Series(config-std-nacl)# {deny | permit} {source [source-wildcard] | any}

Purpose: In access-list configuration mode, specifies one or more conditions as permitted or denied. This determines whether the packet is passed or dropped.

Step 3

Command: ML_Series(config)# exit

Purpose: Exits access-list configuration mode.

 

 

 

Creating Named Extended IP ACLs (Control Plane Only)

To create a named extended IP ACL, perform the following procedure, beginning in global configuration mode:

 

Step 1

Command: ML_Series(config)# ip access-list extended name

Purpose: Defines an extended IP ACL using an alphabetic name.

Step 2

Command: ML_Series(config-ext-nacl)# {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos]

Purpose: In access-list configuration mode, specifies the conditions allowed or denied.

or

Command: {deny | permit} protocol any any

Purpose: Defines an extended IP ACL using an abbreviation for a source and source wildcard of 0.0.0.0 255.255.255.255, and an abbreviation for a destination and destination wildcard of 0.0.0.0 255.255.255.255.

or

Command: {deny | permit} protocol host source host destination

Purpose: Defines an extended IP ACL using an abbreviation for a source and source wildcard of source 0.0.0.0, and an abbreviation for a destination and destination wildcard of destination 0.0.0.0.
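The following is an added example, not part of the Cisco guide: a small Python evaluator for the three Step 2 entry forms, useful for checking offline which entry a given packet would hit before the ACL is applied. The sample ACL and addresses are constructed; first-match ordering, the implicit deny at the end of the list, and the `ip` keyword matching any IP protocol are standard IOS behaviour assumed here rather than stated on this page.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":                 # abbreviation for 0.0.0.0 255.255.255.255
        return 0, MASK32
    if first == "host":                # abbreviation for <address> 0.0.0.0
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))

def parse_entry(line):
    """Parse '{deny | permit} protocol <source spec> <destination spec>'."""
    tokens = line.split()
    action, protocol = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    src = parse_addr(tokens)
    dst = parse_addr(tokens)
    # Trailing [precedence ...] [tos ...] options are not evaluated here.
    return action, protocol, src, dst

def addr_matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & MASK32          # wildcard bit 1 = ignore, 0 = must match
    return (to_int(addr) & care) == (base & care)

def evaluate(lines, protocol, src, dst):
    """Return the action of the first matching entry (assumed IOS semantics)."""
    for action, proto, s, d in map(parse_entry, lines):
        if proto in ("ip", protocol) and addr_matches(src, s) and addr_matches(dst, d):
            return action
    return "deny"                      # implicit deny when nothing matches

# Constructed sample ACL: order matters, the host exception must come first.
SAMPLE_ACL = [
    "permit tcp host 10.1.1.5 host 10.2.2.9",
    "deny ip 10.1.1.0 0.0.0.255 any",
    "permit ip any any",
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, "udp", "10.1.1.5", "10.2.2.9"))
```

Moving the `deny ip 10.1.1.0 0.0.0.255 any` entry above the `host` entry would shadow the exception, which is the ordering mistake this kind of check catches.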

 

 

 

Applying the ACL to an Interface

After you create an ACL, you can apply it to one or more interfaces. ACLs can be applied on either the inbound or the outbound direction of an interface. When controlling access to an interface, you can use a name or number. If a standard ACL is applied, the ML-Series card compares the source IP address with the ACL. To apply an ACL to one or more interfaces, use the command in Table 13-2.

Note: IP standard ACLs applied to the ingress of a Bridge Group Virtual Interface (BVI) will be applied to all bridged IP traffic in the associated bridge-group, in addition to the BVI ingress traffic.

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

13-4

78-18133-01

 

 
