SmartWare Software Configuration Guide

24 • Access control list configuration

Before you begin to enter the commands that create and configure the IP access control list, be sure that you are clear about what you want to achieve with the list. Consider whether it is better to deny specific accesses and permit all others or to permit specific accesses and deny all others.

Note: A single access control list can have multiple filtering criteria statements, but editing those entries online can be tedious. Therefore, we recommend editing complex access control lists offline within a configuration file and downloading the configuration file later via TFTP to your SmartNode device.

Creating an access control list profile and entering configuration mode

This procedure describes how to create an IP access control list and enter access control list configuration mode.

Mode: Administrator execution

Step  Command                     Purpose
1     node(cfg)#profile acl name  Creates the access control list profile name and enters the configuration mode for this list

name is the name by which the access list will be known. Entering this command puts you into access control list configuration mode where you can enter the individual statements that will make up the access control list.

Use the no form of this command to delete an access control list profile. You cannot delete an access control list profile if it is currently linked to an interface. When you leave the access control list configuration mode, the new settings immediately become active.

Example: Create an access control list profile

In the following example the access control list profile named WanRx is created and the shell of the access control list configuration mode is activated.

node>enable
node#configure
node(cfg)#profile acl WanRx
node(pf-acl)[WanRx]#

Adding a filter rule to the current access control list profile

The commands permit or deny are used to define an IP filter rule. This procedure describes how to create an IP access control list entry that permits access.

Mode: Profile access control list

Step  Command  Purpose
1     node(pf-acl)[name]#permit ip {src src-wildcard | any | host src} {dest dest-wildcard | any | host dest} [cos group]  Creates an IP access control list entry that permits access defined according to the command options
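As an added example (not part of the Patton manual), the Python sketch below checks rule lines drafted offline against the permit ip syntax given above before the file is downloaded to the device, and reports which rule a given packet hits first. It assumes that deny takes the same options as permit, that one-bits in a wildcard mark address bits to ignore, and that rules are evaluated top-down; the function names, the addresses and the cos group name voice are constructed for illustration.

```python
import ipaddress

def _spec(tok):
    """Consume one {addr wildcard | any | host addr} group -> (addr, wildcard) ints."""
    if not tok:
        raise ValueError("missing address specification")
    head = tok.pop(0)
    if head == "any":
        return (0, 0xFFFFFFFF)     # every bit ignored
    if not tok:
        raise ValueError(f"'{head}' needs one more argument")
    if head == "host":
        return (int(ipaddress.IPv4Address(tok.pop(0))), 0)
    return (int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tok.pop(0))))

def parse_rule(line):
    """Parse 'permit|deny ip <src> <dest> [cos group]' (deny form is an assumption)."""
    tok = line.split()
    if len(tok) < 2 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
        raise ValueError(f"expected 'permit ip' or 'deny ip': {line!r}")
    action, rest = tok[0], tok[2:]
    src, dst = _spec(rest), _spec(rest)
    cos = None
    if rest:
        if len(rest) != 2 or rest[0] != "cos":
            raise ValueError(f"unexpected trailing tokens: {rest}")
        cos = rest[1]
    return {"action": action, "src": src, "dst": dst, "cos": cos}

def _hit(spec, ip):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF      # assumption: wildcard one-bits are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def first_match(rules, src_ip, dst_ip):
    """Return (index, action) of the first rule matching top-down, else None."""
    for i, r in enumerate(rules):
        if _hit(r["src"], src_ip) and _hit(r["dst"], dst_ip):
            return (i, r["action"])
    return None

# Constructed draft of a WanRx rule list (documentation address ranges).
DRAFT = """\
deny ip host 198.51.100.7 any
permit ip 198.51.100.0 0.0.0.255 host 192.0.2.1
permit ip any 192.0.2.0 0.0.0.255 cos voice
"""
RULES = [parse_rule(l) for l in DRAFT.splitlines()]
```

A None result from first_match means no drafted rule covers that packet, which is the case to settle deliberately when choosing between the deny-specific and permit-specific approaches.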

This procedure describes how to create an IP access control list entry that denies access
