beautypg.com

Applying acls to services, Using acls as profiles, Applying acls to services using acls as profiles – Cabletron Systems SmartSwitch User Manual

Page 263

background image

SmartSwitch Router User Reference Manual

263

Chapter 17: Access Control List Configuration Guide

interface. Nonetheless, for performance reasons, whenever possible, you should create
and apply an ACL to the inbound interface.

To apply an ACL to an interface, enter the following command in Configure mode:

Applying ACLs to Services

ACLs can also be created to permit or deny access to system services provided by the SSR;
for example, HTTP or Telnet servers. This type of ACL is known as a Service ACL. By
definition, a Service ACL is for controlling inbound packets to a service on the router. For
example, you can grant Telnet server access from a few specific hosts or deny Web server
access from a particular subnet. It is true that you can do the same thing with ordinary
ACLs and apply them to all interfaces. However, the Service ACL is created specifically to
control access to some of the services on the SSR. As a result, only inbound traffic to the
SSR is checked. Destination address and port information is ignored; therefore if you are
defining a Service ACL, you do not need to specify destination information.

Note:

If a service does not have an ACL applied, that service is accessible to everyone.
To control access to a service, an ACL must be used.

To apply an ACL to a service, enter the following command in Configure mode:

Using ACLs as Profiles

You can use the acl command to define a profile. A profile specifies the criteria that
addresses, flows, hosts, or packets must meet to be relevant to certain SSR features. Once
you have defined an ACL profile, you can use the profile with the configuration command
for that feature. For example, the Network Address Translation (NAT) feature on the SSR
allows you to create address pools for dynamic bindings. You use ACL profiles to
represent the appropriate pools of IP addresses.

Apply ACL to an interface.

acl

apply interface

input|output [logging on|off|deny-
only|permit-only][policy local|external]

Apply ACL to a service.

acl

apply service

[logging [on|off]]

See also other documents in the category Cabletron Systems Hardware: