beautypg.com

Patton electronic ONSITE 2800 User Manual

Page 83

background image

Access control list configuration task list

83

OnSite 2800 Series User Manual

7 • Access control list configuration

Before you begin to enter the commands that create and configure the IP access control list, be sure that you
are clear about what you want to achieve with the list. Consider whether it is better to deny specific accesses
and permit all others or to permit specific accesses and deny all others.

Note

Since a single access control list can have multiple filtering criteria
statements, but editing those entries online can be tedious. Therefore,
we recommend editing complex access control lists offline within a
configuration file and downloading the configuration file later via
TFTP to your OnSite device.

Creating an access control list profile and enter configuration mode

This procedure describes how to create an IP access control list and enter access control list configuration mode

Mode: Administrator execution

name is the name by which the access list will be known. Entering this command puts you into access control list
configuration mode where you can enter the individual statements that will make up the access control list.

Use the

no

form of this command to delete an access control list profile. You cannot delete an access control

list profile if it is currently linked to an interface. When you leave the access control list configuration mode,
the new settings immediately become active.

Example: Create an access control list profile

In the following example the access control list profile named WanRx is created and the shell of the access con-
trol list configuration mode is activated.

2800>enable
2800#configure
2800(cfg)#profile acl WanRx
2800(pf-acl)[WanRx]#

Adding a filter rule to the current access control list profile

The commands

permit

or deny are used to define an IP filter rule. This procedure describes how to create an

IP access control list entry that permits access

Mode: Profile access control list

This procedure describes how to create an IP access control list entry that denies access

Step

Command

Purpose

1

node(cfg)#profile acl name Creates the access control list profile name and enters the configura-

tion mode for this list

Step

Command

Purpose

1

node(pf-acl)[name]#permit ip {src src-wildcard | any |
host src} {dest dest-wildcard | any | host dest} [cos group]

Creates an IP access of control list
entry that permits access defined
according to the command
options

See also other documents in the category Patton electronic Hardware: