ADTRAN Stub Routing Documentation, Page 177

Command Reference Guide Global Configuration Mode Command Set
61950860L1-35D © 2003 ADTRAN, Inc. 177
Functional Notes
Access control lists (ACLs) are used as packet selectors by access policies (ACPs); by themselves they do nothing. ACLs are composed of an ordered list of entries with an implicit deny all at the end of each list. An ACL entry contains two parts: an action (permit or deny) and a packet pattern. A permit ACL is used to allow packets (meeting the specified pattern) to enter the router system. A deny ACL is used to block entry to the network for packets meeting the specified criteria.

The ADTRAN OS provides two types of ACLs: standard and extended. Standard ACLs allow source IP address packet patterns only. Extended ACLs may specify patterns using most fields in the IP header and the TCP or UDP header.

ACL entries are evaluated in order from the top of the list down. Generally the most specific entries should be at the top and the most general at the bottom.
The following commands are contained in the access-list standard command set:

remark
Use the remark command to associate a descriptive tag (up to 80 alphanumeric characters encased in quotation marks) with the access list. Enter a functional description for the list, such as "This list blocks all outbound web traffic".

log
Use the log keyword to log a message (if debug access-list is enabled for this access list) when the access list finds a packet match.

permit or deny any
Use the any keyword to match any IP address received by the access list. For example, the following allows all packets through the configured access list:
(config)# ip access-list standard MatchAll
(config-std-nacl)# permit any

permit or deny host <ip address>
Use the host <A.B.C.D> keyword to specify a single host address. For example, the following allows all traffic from the host with an IP address of 196.173.22.253:
(config)# ip access-list standard MatchHost
(config-std-nacl)# permit host 196.173.22.253

permit or deny <ip address> <wildcard>
Use the <A.B.C.D> <wildcard> format to match all IP addresses in a range. Wildcard masks work in reverse logic from subnet masks: a one in the wildcard mask means "don't care" for that bit. For example, the following denies all traffic from the 192.168.0.0/24 network:
(config)# ip access-list standard MatchNetwork
(config-std-nacl)# deny 192.168.0.0 0.0.0.255
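
The following Python model is an added example, not code from the ADTRAN guide or from the ADTRAN OS. It shows how the top-down evaluation order, the implicit deny all and the reversed wildcard logic described above interact, and it flags entries that can never match because an earlier entry covers them. It assumes only the three pattern forms shown on this page (any, host, address plus wildcard); the function names and sample addresses are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Return (action, base, care_mask) for one standard ACL entry."""
    action, *pattern = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line!r}")
    if pattern == ["any"]:
        return action, 0, 0                      # no bit has to match
    if len(pattern) == 2 and pattern[0] == "host":
        return action, to_int(pattern[1]), FULL  # every bit has to match
    if len(pattern) == 2:
        # Wildcard is the inverse of a subnet mask: 1 = don't care.
        return action, to_int(pattern[0]), ~to_int(pattern[1]) & FULL
    raise ValueError(f"unsupported pattern in: {line!r}")

def evaluate(acl_lines, src):
    """Top-down, first match wins; no match hits the implicit deny all."""
    for line in acl_lines:
        action, base, care = parse_entry(line)
        if (to_int(src) ^ base) & care == 0:
            return action, line
    return "deny", "implicit deny all"

def shadowed_entries(acl_lines):
    """List entries that can never match because an earlier one covers them."""
    parsed = [parse_entry(line) for line in acl_lines]
    hidden = []
    for i, (_, base_b, care_b) in enumerate(parsed):
        for _, base_a, care_a in parsed[:i]:
            # A covers B when A checks only bits B also fixes, and they agree there.
            if care_a & ~care_b & FULL == 0 and (base_a ^ base_b) & care_a == 0:
                hidden.append(acl_lines[i])
                break
    return hidden

# Constructed sample lists; addresses are illustrative only.
SPECIFIC_FIRST = ["permit host 192.168.0.10", "deny 192.168.0.0 0.0.0.255"]
GENERAL_FIRST = ["deny 192.168.0.0 0.0.0.255", "permit host 192.168.0.10"]

if __name__ == "__main__":
    for name, acl in (("specific first", SPECIFIC_FIRST), ("general first", GENERAL_FIRST)):
        print(name, evaluate(acl, "192.168.0.10"), shadowed_entries(acl))
    print(evaluate(SPECIFIC_FIRST, "10.1.1.1"))
```

With the general entry first, the host permit is reported as shadowed and 192.168.0.10 is denied, which is why the guide recommends placing the most specific entries at the top.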