Configuring ACL Introduction
Software Reference for SwitchBlade x3100 Series Switches (Access and Security)
TABLE 6-5 Configuration Procedure for ACL
Step Command Description (Optional)
Create the ACCESSLIST stb_range to PERMIT the IP address range.
1
CREATE ACCESSLIST stb_range RULE=PERMIT IPSOURCE=172.16.5.0 SOURCEMASK=255.255.255.240
SHOW ACCESSLIST stb_range
--- Access Lists --------------------------------------------------------------
Name Interfaces Rule Action Fields
---------------- ---------------- ---- ------- -------------------------------
stb_range 1 PERMIT IPSOURCE=172.16.5.0
SOURCEMASK=255.255.255.240
-- DENY // all other packets dropped
Since all other packets are dropped, add a rule to stb_range to allow ARP packets through.
a
2
ADD ACCESSLIST stb_range RULE=PERMIT PROTOCOL=0x806
// 0x806 is the protocol-type for ARP
SHOW ACCESSLIST stb_range
--- Access Lists ----------------------------------------------------------
Name Interfaces Rule Action Fields
--------- -------------- ---- ------- ------------------------------- ----
stb_range 1 PERMIT IPSOURCE=172.16.5.0
SOURCEMASK=255.255.255.240
2 PERMIT PROTOCOL=2054
-- DENY
If needed, deny a type of packet from the approved range by placing a new rule at a higher precedence than the IP address rule.
3
ADD ACCESSLIST stb_range RULE=DENY APPLICATION=NETBIOS BEFORE=1 // ipaddress rule
SHOW ACCESSLIST stb_range
--- Access Lists ----------------------------------------------------------
Name Interfaces Rule Action Fields
--------- -------------- ---- ------- ------------------------------- ----
stb_range 1 DENY APPLICATION=NETBIOS
2 PERMIT IPSOURCE=172.16.5.0
SOURCEMASK=255.255.255.240
3 PERMIT PROTOCOL=2054
-- DENY
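The effect of BEFORE=1 in step 3 can be checked offline with a small model of the list. This is an added example, not code from the switch or its vendor; it assumes rules are evaluated in order with the first match deciding, and it stands in for the switch's NETBIOS classification with a hypothetical "application" tag on each constructed packet.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str   # "PERMIT" or "DENY"
    fields: dict  # match fields, named as in the SHOW ACCESSLIST output

def add_rule(acl, rule, before=None):
    """Append a rule, or insert it ahead of 1-based rule number `before`."""
    acl.insert(len(acl) if before is None else before - 1, rule)

def matches(rule, pkt):
    f = rule.fields
    if "PROTOCOL" in f and pkt.get("ethertype") != f["PROTOCOL"]:
        return False
    if "APPLICATION" in f and pkt.get("application") != f["APPLICATION"]:
        return False
    if "IPSOURCE" in f:
        net = ipaddress.ip_network(f"{f['IPSOURCE']}/{f['SOURCEMASK']}")
        if "src" not in pkt or ipaddress.ip_address(pkt["src"]) not in net:
            return False
    return True

def evaluate(acl, pkt):
    """Return (rule number, action); (None, "DENY") is the final "--" row."""
    for number, rule in enumerate(acl, start=1):
        if matches(rule, pkt):
            return number, rule.action
    return None, "DENY"

def build_stb_range(netbios_before=1):
    """Replay steps 1-3; netbios_before=None appends the DENY rule instead."""
    acl = []
    add_rule(acl, Rule("PERMIT", {"IPSOURCE": "172.16.5.0", "SOURCEMASK": "255.255.255.240"}))
    add_rule(acl, Rule("PERMIT", {"PROTOCOL": 0x806}))
    add_rule(acl, Rule("DENY", {"APPLICATION": "NETBIOS"}), before=netbios_before)
    return acl

# Constructed sample packet: NetBIOS traffic from inside the permitted range.
NETBIOS_FROM_STB = {"ethertype": 0x800, "src": "172.16.5.9", "application": "NETBIOS"}

if __name__ == "__main__":
    print("BEFORE=1:", evaluate(build_stb_range(1), NETBIOS_FROM_STB))
    print("appended:", evaluate(build_stb_range(None), NETBIOS_FROM_STB))
```

Without BEFORE=1 the DENY rule lands after the address rule, so NetBIOS traffic from 172.16.5.0 to 172.16.5.15 matches the PERMIT first and is forwarded.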
Add the ACCESSLIST stb_range to an interface or set of interfaces.