
Creating Access Lists and Policies T1/E1 WAN Configuration Guide
10 Copyright © 2005 ADTRAN, Inc. 61200860L1-29.6A
Select the traffic into the list using the permit keyword, or block the traffic from the list using the deny
keyword. The source IP addresses can be entered in one of three ways:
1. Using the keyword any to match any IP address. For example, entering deny any will effectively shut
down the interface that uses the access list because all traffic will match the any keyword.
2. Using the host <A.B.C.D> to specify a single host address. For example, entering permit host
196.173.22.253 will allow all traffic from the host with an IP address of 196.173.22.253.
3. Using the <A.B.C.D> <wildcard> format to match all IP addresses in a “range.” Wildcard masks work
in reverse logic from subnet masks: a one bit in the wildcard mask equates to a “don’t care.” For
example, entering permit 192.168.0.0 0.0.0.255 will permit all traffic from the 192.168.0.0/24 network.
Extended ACLs provide flexible pattern matching on various parameters. The following is the
complete syntax for the ip access-list extended commands:
<action> <protocol> <source IP> <source port> <destination ip> <destination port>
For example:
[permit | deny] [ip | tcp | udp] [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>]
<source port>* [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>] <destination port>*
or:
[permit | deny] icmp [any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>]
[any | host <A.B.C.D> | <A.B.C.D> <W.W.W.W>] <icmp-type>* <icmp-code>* <icmp-message>*
* = optional
In each form, the first address field is the Source IP Address and the second is the Destination IP Address.
For detailed information regarding the extended ACL matching parameters, refer to the AOS Command
Reference Guide on your ADTRAN OS System Documentation CD.
Access Policy Action Statements
AOS access policies are used to permit, deny, or manipulate (using NAT) data for each interface. Each
ACP consists of a selector (access list) and an action (allow, discard, NAT). When packets are received on
an interface, the configured ACPs are applied to determine whether the data will be processed or discarded.
Possible actions performed by the access policy are as follows:
allow list <access list names>
All packets passed by the access list(s) entered will be allowed to enter the router system.
discard list <access list names>
All packets passed by the access list(s) entered will be dropped from the router system.
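As an added example (not code from the ADTRAN guide), the following Python evaluates both the standard source-only entries and the extended protocol/source/destination entries described above, applying the inverted "don't care" logic of wildcard masks. It assumes an implicit deny when no entry matches (not stated on this page) and omits port matching.

```python
import ipaddress

PROTOCOLS = ("ip", "tcp", "udp", "icmp")


def wildcard_match(addr, base, wildcard):
    """Reverse-logic mask: a one bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_addr(tokens):
    """Consume one address spec (any | host A.B.C.D | A.B.C.D W.W.W.W).
    Returns a matcher function and the remaining tokens."""
    if tokens[0] == "any":
        return (lambda ip: True), tokens[1:]
    if tokens[0] == "host":
        host = tokens[1]
        return (lambda ip: ip == host), tokens[2:]
    base, wildcard = tokens[0], tokens[1]
    return (lambda ip: wildcard_match(ip, base, wildcard)), tokens[2:]


def parse_entry(line):
    """Parse a standard (source only) or extended (protocol, source, destination) entry."""
    tokens = line.split()
    action = tokens[0]
    if tokens[1] in PROTOCOLS:  # extended form: <action> <protocol> <src> <dst>
        proto = tokens[1]
        src, rest = parse_addr(tokens[2:])
        dst, _ = parse_addr(rest)
    else:  # standard form: <action> <src>; destination is unconstrained
        proto = "ip"
        src, _ = parse_addr(tokens[1:])
        dst = lambda ip: True
    return {"action": action, "proto": proto, "src": src, "dst": dst}


def evaluate(acl_lines, proto, src_ip, dst_ip):
    """First matching entry wins; no match falls through to an assumed implicit deny."""
    for entry in map(parse_entry, acl_lines):
        proto_ok = entry["proto"] == "ip" or entry["proto"] == proto
        if proto_ok and entry["src"](src_ip) and entry["dst"](dst_ip):
            return entry["action"]
    return "deny"


# Constructed sample lists built from the entry forms on this page.
STANDARD = ["permit host 196.173.22.253", "permit 192.168.0.0 0.0.0.255", "deny any"]
EXTENDED = ["permit tcp any host 10.1.1.10", "deny ip any any"]
```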