Chapter 5 Connecting the Management Interfaces and Performing Initial System Configuration

Initial System Configuration

Step 7: ConfiguringAccess Control Lists (ACLs)

The SCE 2000 can be configured with Access Control Lists (ACLs), which are used to permit or deny incoming connections on any of the management interfaces.

Note ACL #0 is a pre-defined list that permits access to all IP addresses.

Configuration of access control lists is done in two stages:

Step 1 Create the access control lists.

You may create 99 ACLs with a maximum of 20 entries per list. Each entry consists of an IP address, and an indication of whether access is permitted or denied to this IP address.

Step 2 Assign the ACLs to the appropriate management interface. (See Step 9: Configuring the Topology-Dependent Parameters.)

The dialog permits you to skip the creation/editing of the ACLs and go directly to assigning ACLs to the management interfaces.

Entry Formats

Each ACL may permit/deny access to any IP address, one or more ranges of IP addresses, or one or more individual IP address. Three entry formats are available to support these options:

Any IP address: Type the word “any”. Any IP address will be permitted or denied access.

Range of IP addresses: Type the beginning IP address in the desired range, then enter the wildcard bits that define the range.

This wildcard functions like a reverse mask, in that all “1” bits in the wildcard indicate the corresponding bit in the IP address should be ignored. All other bits must match the corresponding bit in the specified IP address. Refer to the table below for examples.

Each range of IP addresses can be configured to be permitted or denied access.

Individual IP address: Type the desired IP address, then enter the wildcard bits 0.0.0.0. Each individual IP address can be configured to be permitted or denied access.

Table 5-2 IP address/Wildcard bit examples

 

 

Initial IP address

Wildcard bits

Range

 

 

 

 

 

 

 

10.1.1.0

0.0.0.255

10.1.1.0–10.1.1.255

 

 

 

 

 

 

10.1.1.0

0.0.0.63

10.1.1.0–10.1.1.63

 

 

 

 

 

 

10.1.1.0

0.0.0.0

10.1.1.0 (individual entry)

 

 

 

 

 

 

 

 

 

 

 

SCE 2000 4xGBE Installation and Configuration Guide

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

OL-7824-02

 

 

5-13

 

 

 

 

 

 

 

 

Page 77
Image 77
Cisco Systems SCE 2000 4xGBE ConfiguringAccess Control Lists ACLs, Entry Formats, Initial IP address Wildcard bits Range

SCE 2000 4xGBE specifications

The Cisco Systems SCE 2000 4xGBE is a robust solution designed to optimize IP networks and enhance service delivery. As a member of Cisco's Service Control Engine (SCE) product line, this device is particularly suited for service providers looking to manage network traffic, improve service quality, and provide a suite of advanced management features.

One of the standout features of the SCE 2000 is its ability to process and analyze network traffic in real-time. This capability allows operators to gain insights into user behavior, application usage, and overall network performance. By utilizing deep packet inspection technology, the SCE 2000 can identify different types of traffic, enabling network managers to enforce policies and prioritize critical applications effectively.

In terms of interface capabilities, the SCE 2000 offers four 1 Gigabit Ethernet (GbE) ports. This versatility allows for easy integration into existing network infrastructure while ensuring ample bandwidth for data transfer. The device supports both IPv4 and IPv6 protocols, making it future-proof and suitable for evolving network demands.

One of the significant technologies employed by the SCE 2000 is Service Level Agreement (SLA) management. This feature ensures that service providers can meet their commitments to customers by monitoring performance metrics such as latency, jitter, and packet loss. The ability to generate reports based on SLA compliance allows for better customer engagement and transparency.

Additionally, the SCE 2000 facilitates dynamic resource allocation, enabling service providers to adapt network resources based on current demand. This elasticity is crucial in managing peak loads and ensuring a seamless user experience. Furthermore, the device’s support for Quality of Service (QoS) policies ensures that critical applications receive the necessary bandwidth and resources dedicated to maintaining operational efficiency.

The SCE 2000 also emphasizes security with features such as intrusion detection and prevention capabilities, helping protect the integrity of the network. This combination of performance monitoring, traffic management, and security makes the SCE 2000 an invaluable tool for service providers.

In conclusion, the Cisco Systems SCE 2000 4xGBE is a powerful network management solution that excels in providing real-time traffic management, SLA compliance, and security features. Its capabilities make it an essential component for service providers aiming to optimize their networks while delivering high-quality services to their customers.