SROS Command Line Interface Reference Guide

Global Configuration Mode Command Set

 

 

discard list <access list names> policy <access policy name>

All packets passed by the access list(s) entered and destined for the interface using the access policy listed will be blocked from the router system. This allows for configurations to deny packets on a specified interface.

nat source list <access list names> address <IP address> overload

All packets passed by the access list(s) entered will be modified to replace the source IP address with the entered IP address. The overload keyword allows multiple source IP addresses to be replaced with the single IP address entered. This hides private IP addresses from outside the local network.

nat source list <access list names> interface <interface> overload

All packets passed by the access list(s) entered will be modified to replace the source IP address with the primary IP address of the listed interface. The overload keyword allows multiple source IP addresses to be replaced with the single IP address of the specified interface. This hides private IP addresses from outside the local network.

nat destination list <access list names> address <IP address>

All packets passed by the access list(s) entered will be modified to replace the destination IP address with the entered IP address. The overload keyword is not an option when performing NAT on the destination IP address; each private address must have a unique public address. This hides private IP addresses from outside the local network.

Caution

Before applying an access control policy to an interface, verify your Telnet

 

connection will not be affected by the policy. If a policy is applied to the interface you

 

are connecting through and it does not allow Telnet traffic, your connection will be

 

lost.

 

 

Step 4:

Apply the created access policy to an interface. To assign an access policy to an interface, enter the interface configuration mode for the desired interface and enter access policy <policy name>. The following example assigns access policy MatchAll to the Ethernet 0/1 interface:

(config)#interface ethernet 0/1 (config-eth0/1)#access-policy MatchAll

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.

260

Page 260
Image 260
HP 7000 dl Router manual Lost