OnSite 2800 Series User Manual

7 • Access control list configuration

 

 

Unbind an access control list profile from an interface.

2800(cfg)#context ip router 2800(cfg-ip)[router]#interface wan 2800(cfg-if)[wan]#no use profile acl in

Note When unbinding an access control list profile the name argument is not required, since only one incoming and outgoing access control list can be active at the same time on a certain IP interface.

Displaying an access control list profile

The show profile acl command displays the indicated access control list profile. If no specific profile is selected all installed access control list profiles are shown. If an access control list is linked to an IP interface the number of matches for each rule is displayed. If the access control list profile is linked to more than one IP interface, it will be shown for each interface.

This procedure describes how to display a certain access control list profile

Mode: Administrator execution or any other mode, except the operator execution mode

Step

Command

Purpose

 

 

 

1

node#show profile acl name

Displays the access control list profile name

 

 

 

Example: Displaying an access control list entries

The following example shows how to display the access control list profile named WanRx.

2800#show profile acl WanRx

IP access-list WanRx. Linked to router/wan/in. deny icmp any any msg echo

permit ip 62.1.2.3 0.0.255.255 host 193.14.2.11 permit ip 97.123.111.0 0.0.0.255 host 193.14.2.11 permit tcp any host 193.14.2.10 eq 80

permit udp host 62.1.2.3 host 193.14.2.11 range 1024 2048 deny ip any any

Debugging an access control list profile

The debug acl command is used to debug the access control list profiles during system operation. Use the no form of this command to disable any debug output.

This procedure describes how to debug the access control list profiles

Mode: Administrator execution or any other mode, except the operator execution

Step

Command

Purpose

 

 

 

1

node#debug acl

Enables access control list debug monitor

 

 

 

This procedure describes how to activate the debug level of an access control list profiles for a specific interface.

Access control list configuration task list

90

Page 90
Image 90
Patton electronic 2800 Unbind an access control list profile from an interface, Displaying an access control list profile