Advanced Configuration and Management Guide
Inbound IP Access Policy Group for Port 1/1
PolicyID Action SourceDestination
3 | Deny | 209.157.22.26/32 | any |
17 | Deny | 209.157.22.14/32 | any |
34 | Deny | 209.157.22.69/32 | 201.21.2.7/32 |
1024 | Permit | any | any |
Source: |
|
| Source: |
|
| Source: |
|
|
| Source: |
| Source: | ||||||
209.157.22.69/24 |
|
| 209.157.22.11/24 |
| 209.157.22.26/24 |
| 209.157.22.69/24 |
|
|
| 209.157.22.128/24 | |||||||
Dest: |
|
| Dest: |
|
| Dest: |
|
|
| Dest: |
|
|
| Dest: | ||||
|
|
|
| |||||||||||||||
211.44.29.67/24 |
|
| 209.241.12.66/24 |
| 201.21.2.7/24 |
| 209.211.44.128/24 |
|
|
| 209.184.66.128/24 | |||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Denied | Permitted | Permitted |
|
Bit
Bucket
Figure D.1 IP access policies in inbound policy group for a port
Actions
IP access policies either forward or drop IP packets based on the IP source and IP destination addresses. You also can configure the policy to forward or drop a packet based on TCP/UDP port information. In this case, you are configuring a TCP/UDP access policy. See “TCP/UDP Access Policies” on page
Scope
You configure IP access policies globally, then apply them to individual ports. When you apply an IP policy to a port, you specify whether the policy applies to inbound or outbound packets. You can use the same policy in a port’s inbound policy group and outbound policy group. When you configure a policy group, you must add all the policies to the group at one time. You cannot edit policy groups later. To change a policy group, you must delete the group and then add a new group.
Policies within the group are applied in positional order from left to right. Make sure you specify the filters in the order you want the device to apply them.
C - 8