Ulterius Technologies LLC FDN40 Benutzerhandbuch
CHAPTER 2: SYSTEM FEATURES
Configuration User Manual
49
© Ulterius Technologies, LLC 2016. Confidential & Proprietary.
2.2.19 Configuring ACL Filters
ACL filters are used to filter packets at the hardware, based on certain
filtering criteria configured/programmed in the switch. The switch examines
each packet to determine whether it is to be blocked or to be forwarded
based on the access lists configured.
filtering criteria configured/programmed in the switch. The switch examines
each packet to determine whether it is to be blocked or to be forwarded
based on the access lists configured.
2.2.19.1 CLI Configuration
The following example shows how to block the ICMP traffic from a host with IP address 12.0.0.100.
Figure 2-1 for set up. Port 1 of the switch is connected to the host. Execute
the following commands in FDN40-1. IP address of Host 1 is assumed as
12.0.0.100.
1. Configure the IP address of the switch as 12.0.0.1.
the following commands in FDN40-1. IP address of Host 1 is assumed as
12.0.0.100.
1. Configure the IP address of the switch as 12.0.0.1.
UltOs# configure terminal
UltOs(config)# interface vlan 1
UltOs(config-if)# shutdown
UltOs(config-if)# ip address 12.0.0.1 255.0.0.0
UltOs(config-if)# no shutdown
UltOs(config-if)# end
2. View the ping between Host 1 and FDN40-1 by executing the following
command in FDN40-1.
UltOs# ping 12.0.0.100
Reply Received From: 12.0.0.100, TimeTaken: 30 msecs
Reply Received From: 12.0.0.100, TimeTaken: 30 msecs
Reply Received From: 12.0.0.100, TimeTaken: 30 msecs
--- 12.0.0.100 Ping Statistics ---
3 Packets Transmitted, 3 Packets Received, 0% Packets
Loss
Loss
3. Enter the Global Configuration mode.
UltOs# configure terminal
4. Create a filter with ID 1001.
UltOs(config)# ip access-list standard 1000
Filter type can be standard. Standard filters are used to filter the traffic based on the
source IP address and destination IP address.. IP Access List is supported only on
WAN side and not on LAN side. In this example, ICMP packets from 12.0.0.100 need
to be filtered.
source IP address and destination IP address.. IP Access List is supported only on
WAN side and not on LAN side. In this example, ICMP packets from 12.0.0.100 need
to be filtered.
5. Deny the ICMP traffic from host 12.0.0.100 to any network/host.
UltOs(config-ext-nacl)# deny host 12.0.0.100 any priority 2
6. Exit from Global Configuration mode.