50   ESR Series Routers Operation Manual 
esr(config-zone-rule)# match destination-address LAN 
esr(config-zone-rule)# match source-address LAN_GATEWAY 
esr(config-zone-rule)# enable 
esr(config-zone-rule)# exit 
esr(config-zone-pair)# exit 
esr(config)# exit 
Configuration changes will take effect when the following commands are executed: 
esr# commit 
Configuration has been successfully committed 
esr# confirm 
Configuration has been successfully confirmed 
esr# 
To view port membership in zones, use the following command:  
esr# show security zone 
To view zone pairs and their configuration, use the following commands: 
esr# show security zone-pair 
esr# show security zone-pair configuration 
To view active sessions, use the following commands: 
esr# show ip firewall sessions 
7.9  Access list (ACL) configuration 
An Access Control List (ACL) is a list of rules that define which traffic may pass through an 
interface. 
Objective: Allow traffic from the 192.168.20.0/24 subnet only. 
 
Solution: 
Configure an access control list that filters by subnet: 
 
esr# configure 
esr(config)# ip access-list extended white 
esr(config-acl)# rule 1 
esr(config-acl-rule)# action permit 
esr(config-acl-rule)# match protocol any 
esr(config-acl-rule)# match source-address 192.168.20.0 255.255.255.0 
esr(config-acl-rule)# match destination-address any 
esr(config-acl-rule)# enable 
esr(config-acl-rule)# exit 
esr(config-acl)# exit 
 
Apply the access list to the Gi1/0/19 interface for inbound traffic: 
esr(config)# interface gigabitethernet 1/0/19 
esr(config-if-gi)# service-acl input white 
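
The Python example below is added here and is not part of the manual or of the ESR software. It parses the commands from this section (prompts stripped) and checks which source addresses the list "white" admits and where it is bound. Assumptions: first-match evaluation, a rule without "enable" is inactive, and traffic matching no rule is denied, as the objective implies.

```python
import ipaddress

# Command lines copied from the ACL section above, with the CLI prompts stripped.
SESSION = """\
ip access-list extended white
rule 1
action permit
match protocol any
match source-address 192.168.20.0 255.255.255.0
match destination-address any
enable
exit
exit
interface gigabitethernet 1/0/19
service-acl input white
"""

def parse(session):
    """Return ({acl_name: {rule_id: rule}}, {interface: acl_name})."""
    acls, bindings, acl, rule, iface = {}, {}, None, None, None
    for line in session.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:3] == ["ip", "access-list", "extended"]:
            acl, rule = acls.setdefault(w[3], {}), None
        elif w[0] == "rule":
            rule = acl.setdefault(int(w[1]), {"enabled": False})
        elif w[0] == "action":
            rule["action"] = w[1]
        elif w[:2] == ["match", "source-address"]:
            # "any" matches every source; otherwise address + dotted netmask.
            rule["src"] = None if w[2] == "any" else ipaddress.ip_network(f"{w[2]}/{w[3]}")
        elif w[0] == "enable" and rule is not None:
            rule["enabled"] = True
        elif w[0] == "interface":
            iface = " ".join(w[1:])
        elif w[:2] == ["service-acl", "input"]:
            bindings[iface] = w[2]
    return acls, bindings

def verdict(rules, src_ip):
    """First enabled rule whose source matches decides; no match -> deny (assumed)."""
    addr = ipaddress.ip_address(src_ip)
    for _, r in sorted(rules.items()):
        if r["enabled"] and (r.get("src") is None or addr in r["src"]):
            return r["action"]
    return "deny"
```

A list that is defined but missing from the bindings returned by parse(), or whose rules lack "enable", filters nothing under these assumptions, so both are worth checking before commit.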
 
Configuration changes will take effect when the following commands are executed: