Zhone 5100 Reference Manual

Access control list commands
Vpacket 5100/6100 Series Reference Manual
Access control lists (ACLs) allow or filter out IP packets addressed to the 5100/6100 VDR itself.
Once at least one ACL entry is configured, every subsequent IP packet (except Voice over IP
packets) whose destination address is the 5100/6100 VDR is checked against the configured
entries. If the packet matches an entry, it is passed to the appropriate upper-layer protocol;
all unmatched IP packets are dropped. This restricts access to the 5100/6100 VDR to selected
IP hosts and to specific types of IP traffic.
If no access control list entry is configured, the system lets all IP packets pass. Because the
ACL switches from allow-all to deny-by-default as soon as the first entry exists, make sure the
first entry you add permits the management host and protocol you are currently using (for
example, telnet from your own address); otherwise the session you are typing in is the last one
that will reach the device.
Adding an access control list
You can add an access control list entry by issuing the set acl add application command.
Syntax: set acl add application <source_ip> <mask> <dest_port | application_name | all> <protocol | all>
Arguments:
source_ip
a valid source IP address in standard dotted-decimal notation
mask
the subnet mask applied to source_ip; 255.255.255.255 matches that single host, while 255.255.255.0 matches every host in its /24 network
dest_port or application
a port number in the 0-65535 range, or an application name: telnet, snmp, or web; all matches any port
protocol
tcp, udp, or all
Example 1:
In this example, the entry allows the telnet application over TCP from source addresses matching 
172.45.63.4 with mask 255.255.255.0. All other IP hosts, ports and protocols (including all UDP 
traffic) are disallowed. Note that because the mask is 255.255.255.0, the entry matches every host 
in 172.45.63.0/24, not only 172.45.63.4; to admit that single host alone, use mask 255.255.255.255.
VPacket# set acl add application 172.45.63.4 255.255.255.0 telnet tcp
Acl Appl Map Added
VPacket#
Example 2:
In this example, the destination port number 8080 is used instead of an application name. This 
entry restricts access to TCP port 8080 to source addresses in the 172.169.210.x network 
(172.169.210.5 with mask 255.255.255.0). A listener must be configured on port 8080 for the 
permitted traffic to be served.
VPacket# set acl add application 172.169.210.5 255.255.255.0 8080 tcp
Acl Appl Map Added
VPacket#
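The following simulator, added here as example code and not part of the manual or the device firmware, models the ACL behaviour described in this section: VoIP packets are exempt, an empty ACL passes everything, and once any entry exists a packet must match an entry's source network, destination port (or application) and protocol or it is dropped. It parses the two set acl add application commands from the examples above, and includes a pre-commit lockout check. It assumes the application names map to their standard ports (telnet 23, snmp 161, web 80) and that the mask is an ordinary dotted-decimal netmask; the function and class names are the example's own.

```python
"""Simulator for the 5100/6100 VDR ACL semantics (hypothetical example code,
not the device's own implementation).

Assumptions: application names map to their standard ports and the mask
argument is a standard dotted-decimal netmask.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed standard ports for the application names the CLI accepts.
APPLICATION_PORTS = {"telnet": 23, "snmp": 161, "web": 80}
PROTOCOLS = {"tcp", "udp", "all"}


@dataclass(frozen=True)
class AclEntry:
    src_ip: str     # source address from the CLI
    mask: str       # dotted-decimal subnet mask applied to src_ip
    dest: str       # port number as a string, application name, or "all"
    protocol: str   # "tcp", "udp", or "all"

    def dest_port(self) -> Optional[int]:
        """Port this entry matches, or None when it matches every port."""
        if self.dest == "all":
            return None
        if self.dest in APPLICATION_PORTS:
            return APPLICATION_PORTS[self.dest]
        return int(self.dest)


def parse_set_acl_add(line: str) -> AclEntry:
    """Parse 'set acl add application <src> <mask> <dest> <proto>' and validate it."""
    parts = line.split()
    if parts[:4] != ["set", "acl", "add", "application"] or len(parts) != 8:
        raise ValueError(f"unrecognised command: {line!r}")
    src_ip, mask, dest, proto = parts[4:]
    ipaddress.ip_address(src_ip)                               # malformed address raises
    ipaddress.ip_network(f"{src_ip}/{mask}", strict=False)     # malformed mask raises
    if dest != "all" and dest not in APPLICATION_PORTS and not 0 <= int(dest) <= 65535:
        raise ValueError(f"port out of range: {dest}")
    if proto not in PROTOCOLS:
        raise ValueError(f"bad protocol: {proto}")
    return AclEntry(src_ip, mask, dest, proto)


def entry_matches(entry: AclEntry, src_ip: str, dest_port: int, protocol: str) -> bool:
    """True when a packet addressed to the VDR satisfies every field of the entry."""
    network = ipaddress.ip_network(f"{entry.src_ip}/{entry.mask}", strict=False)
    if ipaddress.ip_address(src_ip) not in network:
        return False
    if entry.protocol != "all" and entry.protocol != protocol:
        return False
    wanted = entry.dest_port()
    return wanted is None or wanted == dest_port


def acl_permits(acl: List[AclEntry], src_ip: str, dest_port: int,
                protocol: str, voip: bool = False) -> bool:
    """Manual's rules: VoIP is exempt, an empty ACL allows everything,
    and a non-empty ACL drops any packet no entry matches."""
    if voip or not acl:
        return True
    return any(entry_matches(e, src_ip, dest_port, protocol) for e in acl)


def locks_out_management(acl: List[AclEntry], mgmt_ip: str,
                         mgmt_port: int = 23, protocol: str = "tcp") -> bool:
    """Pre-commit check: would this ACL drop the management session you are using?"""
    return not acl_permits(acl, mgmt_ip, mgmt_port, protocol)


if __name__ == "__main__":
    # Constructed sample: the two entries from the manual's examples.
    acl = [
        parse_set_acl_add("set acl add application 172.45.63.4 255.255.255.0 telnet tcp"),
        parse_set_acl_add("set acl add application 172.169.210.5 255.255.255.0 8080 tcp"),
    ]
    print(acl_permits(acl, "172.45.63.4", 23, "tcp"))      # telnet from the listed host
    print(acl_permits(acl, "172.45.63.77", 23, "tcp"))     # the /24 mask admits neighbours too
    print(acl_permits(acl, "172.45.63.4", 161, "udp"))     # snmp is not listed, so dropped
    print(locks_out_management(acl, "10.0.0.9"))           # an admin at 10.0.0.9 is locked out
```

Run the module directly to see the four cases; the second one is the mask caveat from Example 1 made concrete, and locks_out_management is the check to run against your own address before adding the first entry.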