Juniper Networks EX2500 User Manual
Using ACL Filters
57
Chapter 5: Quality of Service
3.
Verify the configuration.
ex2500# show access-lists 1
Standard IP Access List 1
----------------------------
Source IP address : 0.0.0.0
Source IP address mask : 0.0.0.0
Destination IP address : 100.10.1.1
Destination IP address mask : 255.255.255.255
In Port List : 1
Filter Action : Deny
Status : InActive
----------------------------
Source IP address : 0.0.0.0
Source IP address mask : 0.0.0.0
Destination IP address : 100.10.1.1
Destination IP address mask : 255.255.255.255
In Port List : 1
Filter Action : Deny
Status : InActive
ACL Example 2—Blocking Traffic from a Source to a Destination
Use this configuration to block traffic from a network destined for a specific host
address. All traffic that ingresses port 10 with source IP from the class
address. All traffic that ingresses port 10 with source IP from the class
100.10.1.0/24
and destination IP
200.20.2.2
is denied.
1.
Configure an Access Control List.
ex2500(config)# access-list ip 160 standard
ex2500(config-std-nacl)# deny 100.10.1.0 255.255.255.0 host 200.20.2.2
ex2500(config-std-nacl)# exit
ex2500(config-std-nacl)# deny 100.10.1.0 255.255.255.0 host 200.20.2.2
ex2500(config-std-nacl)# exit
2.
Assign the ACL to port 10.
ex2500(config)# interface port 10
ex2500(config-if)# ip access-group 160 in
ex2500(config-if)# exit
ex2500(config-if)# ip access-group 160 in
ex2500(config-if)# exit
ACL Example 3—Blocking HTTP Traffic
Use this configuration to block HTTP traffic on a port.
1.
Configure an Access Control List.
ex2500(config)# access-list ip 170 extended
ex2500(config-ext-nacl)# deny tcp any any eq 80
ex2500(config-ext-nacl)# exit
ex2500(config-ext-nacl)# deny tcp any any eq 80
ex2500(config-ext-nacl)# exit
2.
Add the ACL to a port.
ex2500(config)# interface port 12
ex2500(config-if)# ip access-group 170 in
ex2500(config-if)# exit
ex2500(config-if)# ip access-group 170 in
ex2500(config-if)# exit