Advanced Configuration and Management Guide

Inbound IP Access Policy Group for Port 1/1

PolicyID Action SourceDestination

--------------------------------------------------------------------------------

3

Deny

209.157.22.26/32

any

17

Deny

209.157.22.14/32

any

34

Deny

209.157.22.69/32

201.21.2.7/32

1024

Permit

any

any

Source:

 

 

Source:

 

 

Source:

 

 

 

Source:

 

Source:

209.157.22.69/24

 

 

209.157.22.11/24

 

209.157.22.26/24

 

209.157.22.69/24

 

 

 

209.157.22.128/24

Dest:

 

 

Dest:

 

 

Dest:

 

 

 

Dest:

 

 

 

Dest:

 

 

 

 

211.44.29.67/24

 

 

209.241.12.66/24

 

201.21.2.7/24

 

209.211.44.128/24

 

 

 

209.184.66.128/24

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Denied

Permitted

Permitted

 

Bit

Bucket

Figure D.1 IP access policies in inbound policy group for a port

Actions

IP access policies either forward or drop IP packets based on the IP source and IP destination addresses. You also can configure the policy to forward or drop a packet based on TCP/UDP port information. In this case, you are configuring a TCP/UDP access policy. See “TCP/UDP Access Policies” on page C-9.

Scope

You configure IP access policies globally, then apply them to individual ports. When you apply an IP policy to a port, you specify whether the policy applies to inbound or outbound packets. You can use the same policy in a port’s inbound policy group and outbound policy group. When you configure a policy group, you must add all the policies to the group at one time. You cannot edit policy groups later. To change a policy group, you must delete the group and then add a new group.

Policies within the group are applied in positional order from left to right. Make sure you specify the filters in the order you want the device to apply them.

C - 8