
Global Configuration Mode Command Set Command Reference Guide
174 © 2003 ADTRAN, Inc. 61950860L1-35D
Usage Examples
The following example creates an extended access list named AllowIKE that permits all IKE (UDP port 500) packets from the 190.72.22.0/24 network. The first eq 500 qualifies the source port and the second qualifies the destination port; any matches every destination address:
(config)#ip access-list extended AllowIKE
(config-ext-nacl)#permit udp 190.72.22.0 0.0.0.255 eq 500 any eq 500
For more details, refer to the NetVanta 3000 Series System Manual CD or the ADTRAN website (www.adtran.com) for technical support notes regarding access-list configuration.
Technology Review
Creating access policies and lists to regulate traffic through the routed network is a four-step process:
Step 1:
Enable the security features of the ADTRAN OS using the ip firewall command.
Step 2:
Create an access control list (using the ip access-list command) to permit or deny specified traffic. Standard access lists provide pattern matching for source IP addresses only. (Use extended access lists for more flexible pattern matching, such as protocol, destination address, and port.) IP addresses can be expressed in one of three ways:
1. Using the keyword any to match any IP address. For example, entering deny any will effectively shut down the interface that uses the access list, because all traffic will match the any keyword.
2. Using host <A.B.C.D> to specify a single host address. For example, entering permit host 196.173.22.253 will allow all traffic from the host with an IP address of 196.173.22.253.
3. Using the <A.B.C.D> <wildcard> format to match all IP addresses in a "range". Wildcard masks work in reverse logic from subnet masks: a one bit in the wildcard mask means "don't care", and only the bits set to zero must match the address given. For example, entering deny 192.168.0.0 0.0.0.255 will deny all traffic from the 192.168.0.0/24 network.
Step 3:
Create an access control policy (using the ip policy-class command) that uses a configured access list. ADTRAN OS access policies are used to allow, discard, or manipulate (using NAT) data for each physical interface. Each ACP consists of a selector (access list) and an action (allow, discard, NAT). When packets are received on an interface, the configured ACPs are applied in order to determine whether the data will be processed or discarded. Note that a rule acts only on packets the access list passes (matches with a permit entry); a packet that a list denies is simply not selected by that rule and is evaluated against the next rule in the policy. Possible actions performed by the access policy are as follows:
allow list <access list names>
All packets passed by the access list(s) entered will be allowed to enter the router system.
discard list <access list names>
All packets passed by the access list(s) entered will be dropped by the router system.
allow list <access list names> dest-policy <access policy name>
All packets passed by the access list(s) entered and destined for the interface using the access policy listed will be permitted to enter the router system. This allows a configuration to permit packets to a single interface rather than the entire system.
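The following is an added example, not ADTRAN code and not part of this reference: a small Python model of how the Step 2 address forms (any, host, wildcard) and the Step 3 allow/discard rules decide a packet's fate. The class names, the constructed Blocked list, the Public and Edge policies, the sample packets, and the two defaults it assumes (a list with no matching entry passes nothing; a policy with no matching rule discards) are illustrative assumptions. It uses the AllowIKE entry from the usage example with its network written as 190.72.22.0/24.

```python
"""Added example (not ADTRAN code): a model of how the access-list and
access-policy (ACP) constructs above decide a packet's fate. Names are
illustrative; the rules model Step 2's three address forms, first-match
list evaluation, and "packets passed by the list" for allow/discard."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")  # keyword any: every bit is "don't care"


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Reverse of a subnet mask: a 1 bit in the wildcard means "don't care",
    so only bits where the wildcard is 0 must equal the base address."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def parse_address(tokens):
    """Step 2's three forms: any | host A.B.C.D | A.B.C.D wildcard."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_port(tokens):
    """Optional 'eq <port>' qualifier of extended-list entries."""
    if tokens and tokens[0] == "eq":
        return int(tokens[1]), tokens[2:]
    return None, tokens


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Entry:
    action: str            # permit | deny
    proto: Optional[str]   # None in a standard (source-only) list
    src: Tuple[str, str]
    sport: Optional[int]
    dst: Tuple[str, str]
    dport: Optional[int]

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in (None, "ip", pkt.proto)
                and wildcard_match(pkt.src, *self.src)
                and wildcard_match(pkt.dst, *self.dst)
                and self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport))


class AccessList:
    """ip access-list standard|extended <name>, one permit/deny line per entry."""

    def __init__(self, name: str, extended: bool, lines: List[str]):
        self.name, self.extended = name, extended
        self.entries = [self._parse(line) for line in lines]

    def _parse(self, line: str) -> Entry:
        tokens = line.split()
        action, rest = tokens[0], tokens[1:]
        proto = None
        if self.extended:
            proto, rest = rest[0], rest[1:]
        src, rest = parse_address(rest)
        sport, rest = parse_port(rest)
        dst, dport = ANY, None
        if self.extended:
            dst, rest = parse_address(rest)
            dport, rest = parse_port(rest)
        return Entry(action, proto, src, sport, dst, dport)

    def passes(self, pkt: Packet) -> bool:
        """First matching entry decides; no match means not passed
        (implicit deny, assumed here as in other ACL implementations)."""
        for entry in self.entries:
            if entry.matches(pkt):
                return entry.action == "permit"
        return False


class PolicyClass:
    """ip policy-class <name>: ordered (action, list, dest-policy) rules.
    A packet passed by no rule's list is discarded (assumed default)."""

    def __init__(self, name: str, rules: List[Tuple[str, AccessList, Optional[str]]]):
        self.name, self.rules = name, rules

    def evaluate(self, pkt: Packet, dest_policy: Optional[str] = None) -> str:
        """dest_policy names the ACP of the interface the packet is destined for."""
        for action, acl, rule_dest in self.rules:
            if rule_dest is not None and rule_dest != dest_policy:
                continue
            if acl.passes(pkt):  # only packets the list *permits* trigger the rule
                return action
        return "discard"


# Constructed sample configuration mirroring the usage example above.
ALLOW_IKE = AccessList("AllowIKE", True, ["permit udp 190.72.22.0 0.0.0.255 eq 500 any eq 500"])
BLOCKED = AccessList("Blocked", False, ["deny host 196.173.22.1",          # exempt one host from this list
                                        "permit 196.173.22.0 0.0.0.255"])  # rest of the /24 is passed
PUBLIC = PolicyClass("Public", [("discard", BLOCKED, None), ("allow", ALLOW_IKE, None)])
EDGE = PolicyClass("Edge", [("allow", ALLOW_IKE, "Private")])


def ike(src: str, sport: int = 500) -> Packet:
    """Constructed IKE packet (UDP, destination port 500) to an internal host."""
    return Packet("udp", src, sport, "10.0.0.1", 500)
```

Running PUBLIC.evaluate(ike("196.173.22.1")) returns "discard" even though Blocked has a deny entry for that host: the deny only keeps the packet from being passed by Blocked, so the discard rule is skipped, and the packet then fails AllowIKE and falls to the policy's default. A deny line in a list used by a discard rule is an exemption from that rule, not a drop.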