SROS Command Line Interface Reference Guide

PPP Interface Configuration Command Set

 

 

Step 1:

Enable the security features of the Secure Router OS using the ip firewall command.

Step 2:

Create an access list to permit or deny specified traffic. Standard access lists provide pattern matching for source IP addresses only. (Use extended access lists for more flexible pattern matching.)

2.Using the host <A.B.C.D> to specify a single host address. For example, entering permit host 196.173.22.253 will allow all traffic from the host with an IP address of 196.173.22.253.

3.Using the <A.B.C.D> <wildcard> format to match all IP addresses in a “range”. Wildcard masks work in reverse logic from subnet mask. Specifying a one in the wildcard mask equates to a “don’t care”. For example, entering permit 192.168.0.0 0.0.0.255 will permit all traffic from the 192.168.0.0/24 network.

Note

The command permit <A.B.C.D> will also be assumed to mean permit host <A.B.C.D>.

Step 3:

Create an access policy that uses a configured access list. Secure Router OS access policies are used to permit, deny, or manipulate (using NAT) data for each physical interface. Each ACP consists of a selector (access list) and an action (allow, discard, NAT). When packets are received on an interface, the configured ACPs are applied to determine whether the data will be processed or discarded. Possible actions performed by the access policy are as follows:

allow list <access list names>

All packets passed by the access list(s) entered will be allowed to enter the router system.

discard list <access list names>

All packets passed by the access list(s) entered will be dropped from the router system.

allow list <access list names> policy <access policy name>

All packets passed by the access list(s) entered and destined for the interface using the access policy listed will be permitted to enter the router system. This allows for configurations to permit packets to a single interface and not the entire system.

discard list <access list names> policy <access policy name>

All packets passed by the access list(s) entered and destined for the interface using the access policy listed will be blocked from the router system. This allows for configurations to deny packets on a specified interface.

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.

718

Page 718
Image 718
HP 7000 dl Router manual Copyright 2005 Hewlett-Packard Development Company, L.P 718