
ELTEX ESR Series - 13.6 IPS/IDS configuration

ESR-Series. User manual
| Step | Description | Command | Keys |
|------|-------------|---------|------|
| 15 | Set the VLAN ID for which the rule should work (optional). | esr(config-acl-rule)# match vlan <VID> | <VID> – VLAN ID, takes values of [1..4094]. |
| 16 | Activate a rule. | esr(config-acl-rule)# enable | |
| 17 | Specify the access control list for the configured interface to filter incoming traffic. | esr(config-if-gi)# service-acl input <NAME> | <NAME> – access control list name, set by the string of up to 31 characters. |
Access lists can also be used to organize QoS policy.
13.5.2 Access list configuration example
Objective:
Allow traffic only from the 192.168.20.0/24 subnet.
Solution:
Configure an access control list that filters by subnet:
esr# configure
esr(config)# ip access-list extended white
esr(config-acl)# rule 1
esr(config-acl-rule)# action permit
esr(config-acl-rule)# match source-address 192.168.20.0 255.255.255.0
esr(config-acl-rule)# enable
esr(config-acl-rule)# exit
esr(config-acl)# exit
Apply the access list to the Gi1/0/19 interface for inbound traffic:
esr(config)# interface gigabitethernet 1/0/19
esr(config-if-gi)# service-acl input white
To view detailed information on the access control list, use the following command:
esr# show ip access-list white
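
Before applying an access list such as "white" to an interface, it helps to check which source addresses it will actually pass. The following is an added example, not part of the ESR manual or ELTEX code: a small Python model of the list above. The names Rule, evaluate and audit are hypothetical, and the model assumes that rules are checked in order, that a rule without "enable" is skipped, and that traffic matching no rule is dropped (which the objective "from 192.168.20.0/24 only" implies).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                    # "permit" or "deny"
    src_net: Optional[str] = None  # "address mask", as typed after match source-address
    vlan: Optional[int] = None     # optional match vlan <VID>, 1..4094
    enabled: bool = False          # assumption: inactive until `enable` is issued

    def matches(self, src_ip: str, vlan: Optional[int]) -> bool:
        if not self.enabled:
            return False
        if self.vlan is not None and self.vlan != vlan:
            return False
        if self.src_net is not None:
            addr, mask = self.src_net.split()
            # strict=True raises ValueError if the address has host bits set,
            # which catches an address/mask pair that does not describe a subnet
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
            if ipaddress.ip_address(src_ip) not in net:
                return False
        return True

def evaluate(rules, src_ip, vlan=None):
    """Return the action of the first matching rule.

    Assumption: traffic that matches no enabled rule is denied.
    """
    for rule in rules:
        if rule.matches(src_ip, vlan):
            return rule.action
    return "deny"

def audit(rules, samples):
    """Map each sample source address to the verdict the list gives it."""
    return {ip: evaluate(rules, ip) for ip in samples}

# The "white" list from the example above: one enabled permit rule.
WHITE = [Rule("permit", "192.168.20.0 255.255.255.0", enabled=True)]

# Constructed sample addresses, chosen to sit on both sides of the /24 boundary.
SAMPLES = ["192.168.20.1", "192.168.20.255", "192.168.21.1", "10.0.0.5"]

if __name__ == "__main__":
    for ip, verdict in audit(WHITE, SAMPLES).items():
        print(f"{ip:15} -> {verdict}")
```
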
13.6 IPS/IDS configuration
IPS/IDS (Intrusion Prevention System/Intrusion Detection System) is a network and computer security software
system that detects intrusions or security breaches and automatically protects against them.
The system is based on signature traffic analysis. Signatures for IPS/IDS systems are commonly called rules.
ESR devices allow you to download current rules from open sources on the Internet or from a corporate server.
Using the CLI, you can also create your own specific rules.
