ADTRAN Stub Routing Documentation Page 210

Global Configuration Mode Command Set Command Reference Guide
210 © 2003 ADTRAN, Inc. 61950860L1-35D
Technology Review
Creating access policies and lists to regulate traffic through the routed network is a four-step process:
Step 1:
Enable the security features of the ADTRAN OS using the ip firewall command.
Step 2:
Create an access list to permit or deny specified traffic. Standard access lists provide pattern
matching for source IP addresses only. (Use extended access lists for more flexible pattern
matching.) IP addresses can be expressed in one of three ways:
1. Using the keyword any to match any IP address. For example, entering deny any will effectively
shut down the interface that uses the access list because all traffic will match the any keyword.
2. Using the host <A.B.C.D> to specify a single host address. For example, entering permit
196.173.22.253 will allow all traffic from the host with an IP address of 196.173.22.253.
3. Using the <A.B.C.D> <wildcard> format to match all IP addresses in a range. Wildcard masks
work in reverse logic from subnet masks. Specifying a one in the wildcard mask equates to a
don't care. For example, entering discard 192.168.0.0 0.0.0.255 will discard all traffic from the
192.168.0.0/24 network.
Step 3:
Create an access policy that uses a configured access list. ADTRAN OS access policies are used to
allow, discard, or manipulate (using NAT) data for each physical interface. Each ACP consists of a
selector (access list) and an action (allow, discard, NAT). When packets are received on an interface,
the configured ACPs are applied to determine whether the data will be processed or discarded.
Possible actions performed by the access policy are as follows:
allow list <access list names>
discard list <access list names>
allow list <access list names> policy <access policy name>
discard list <access list names> policy <access policy name>
nat source list <access list names> address <IP address> overload
nat source list <access list names> interface <interface> overload
nat destination list <access list names> address <IP address>
Step 4:
Apply the created access policy to an interface. To assign an access policy to an interface, enter the
interface configuration mode for the desired interface and enter access-policy <policy name>. The
following example assigns access policy MatchAll to the ethernet 0/1 interface:
(config)# interface ethernet 0/1
(config-eth 0/1)# access-policy MatchAll
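
The three address forms from Step 2 (any, host <A.B.C.D>, and <A.B.C.D> <wildcard>) can be checked offline before a list is applied to an interface. The following is an added example, not ADTRAN code: the function names, the sample list, and the top-down first-match evaluation order are assumptions of this sketch.

```python
import ipaddress

def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def spec_matches(spec: str, src: str) -> bool:
    """Match a source IP against 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'."""
    parts = spec.split()
    addr = _to_int(src)
    if parts == ["any"]:
        return True
    if len(parts) == 2 and parts[0] == "host":
        return addr == _to_int(parts[1])
    if len(parts) == 2:
        base, wildcard = _to_int(parts[0]), _to_int(parts[1])
        # A one bit in the wildcard is "don't care", so compare only the zero bits.
        care = ~wildcard & 0xFFFFFFFF
        return (addr & care) == (base & care)
    raise ValueError(f"unrecognized address spec: {spec!r}")

def wildcard_from_netmask(netmask: str) -> str:
    """Invert a subnet mask to get the equivalent wildcard mask."""
    return str(ipaddress.IPv4Address(_to_int(netmask) ^ 0xFFFFFFFF))

def evaluate(acl, src):
    """Return the action of the first matching entry, or None if nothing matches.
    First-match ordering is an assumption of this sketch, not taken from the page."""
    for action, spec in acl:
        if spec_matches(spec, src):
            return action
    return None

# Constructed sample list using the addresses quoted in Step 2.
SAMPLE_ACL = [
    ("permit", "host 196.173.22.253"),
    ("deny", "192.168.0.0 0.0.0.255"),
    ("permit", "any"),
]

if __name__ == "__main__":
    for ip in ("196.173.22.253", "192.168.0.77", "192.168.1.5", "10.1.1.1"):
        print(ip, "->", evaluate(SAMPLE_ACL, ip))
    # A non-contiguous wildcard: only the lowest bit of the last octet is compared.
    print(spec_matches("192.168.0.1 0.0.0.254", "192.168.0.7"))
```

Because the wildcard is compared bit by bit, it does not have to be the inverse of a contiguous subnet mask; the last line matches every odd-numbered host in 192.168.0.0/24.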