Defining access lists – ATL Telecom R1-SW Ethernet Switch User Manual

Configuring Security
Defining Access Lists
The Corecess R1-SW24L2B provides basic traffic filtering capabilities with access control lists.
You can configure access lists on your system to control access to a network: access lists can
prevent certain traffic from entering or exiting a network.
To define access lists, enter the following commands in Privileged mode:
Table 10-2 Defining access lists
1. Command: configure terminal
   Task: Enter the Global configuration mode.

2. Command:
     access-list {permit|deny} [
     access-list {permit|deny} host
     access-list {permit|deny} any
   Task: Configure an ACL with the IP addresses you want to allow or deny access to the system.
     - Number of the standard access list (1 ~ 99, 1300 ~ 1999).
     - permit: Permits the frame whose source address matches the condition.
     - deny: Denies the frame whose source address matches the condition.
     - dynamic: Permits the frame whose source address matches the condition dynamically.
     - The IP address of the source network or host in hexadecimal form (xxx.xxx.xxx.xxx).
     - Wildcard bit to be applied to the IP address. The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros.
     - host: Indicates only the specified IP address for which the access actions are available.
     - any: Configures the policy to match on all host addresses.

3. Command: end
   Task: Return to the Privileged mode.

4. Command: show access-list
   Task: Verify the defined access lists.

Note:
- Zeros in the mask mean the packet's source address must match the
  matches. For example, the
  hosts in the Class C sub-net 209.157.22.x match the policy.
- The packets that do not match any entries in an access list are denied.
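
The wildcard rule and the deny-by-default behaviour from the note above, as an added example (not from the manual and not switch code). The entry syntax parsed here (action, then source and wildcard, or host, or any), the first-match evaluation order, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def ip_to_int(addr):
    """Convert a dotted-decimal IPv4 string to a 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(packet_src, acl_src, wildcard):
    """Zero bits in the wildcard must match the ACL source; one bits are ignored."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(packet_src) & care) == (ip_to_int(acl_src) & care)

def parse_entry(line):
    """Parse a simplified entry (hypothetical syntax) into (action, source, wildcard)."""
    action, *rest = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in entry: {line!r}")
    if rest == ["any"]:
        # 'any' matches every host: all wildcard bits are ones.
        return action, "0.0.0.0", "255.255.255.255"
    if len(rest) == 2 and rest[0] == "host":
        # 'host' matches one address only: all wildcard bits are zeros.
        return action, rest[1], "0.0.0.0"
    if len(rest) == 2:
        return action, rest[0], rest[1]
    raise ValueError(f"cannot parse entry: {line!r}")

def evaluate(acl_lines, packet_src):
    """Return the action for a packet's source address.

    Assumption: entries are checked top to bottom and the first match wins.
    A packet that matches no entry is denied, as the note states.
    """
    for line in acl_lines:
        action, src, wildcard = parse_entry(line)
        if wildcard_match(packet_src, src, wildcard):
            return action
    return "deny"

# Constructed sample list: block one host, allow the rest of 209.157.22.x.
SAMPLE_ACL = [
    "deny host 209.157.22.5",
    "permit 209.157.22.0 0.0.0.255",
]

if __name__ == "__main__":
    for src in ("209.157.22.5", "209.157.22.200", "10.1.1.1"):
        print(src, "->", evaluate(SAMPLE_ACL, src))
```

Running the sample list against an address outside 209.157.22.x shows why a list used for management access needs an explicit permit for every source that must keep working.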