DELL N3000 User Manual

Configuring Access Control Lists
631
following list has corrected rules that allow Telnet and UDP packets only and 
rely on the implicit "deny all" after the end of the last access group to deny 
other traffic.
ip access-list Host10-1-1-23
! Permit Telnet traffic from 192.168.0.X network to host 10.1.1.23
permit tcp 192.168.0.0 0.0.0.255 host 10.1.1.23 eq telnet
! Permit UDP traffic from 192.168.0.X network to host 10.1.1.23
permit udp 192.168.0.0 0.0.0.255 host 10.1.1.23
ACLs support TCP and UDP port matching using operators:
The range operator is inclusive of the specified port parameters.
ACLs support TCP flags. If multiple flags are set (+flag) in a single rule, only 
packets with all of those flags asserted are matched (logical AND). 
Likewise, if multiple flags are cleared (–flag) in a single rule, only packets with 
all of those flags cleared are matched. The established keyword matches TCP 
packets with either the RST or ACK bit set (logical OR). Flags that are 
neither set nor cleared in the rule are not checked by the ACL (don't care or 
wildcard).
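As an added illustration (not code from the manual or the switch), the following Python evaluator models the matching semantics described above: wildcard-mask address matching, the inclusive port range, the +flag/-flag logical AND, the established keyword's logical OR, and the implicit deny at the end of the list. The Rule layout and the packet dictionary are assumptions made for this example; the sample list is the page's corrected Host10-1-1-23 ACL.

```python
import ipaddress
from dataclasses import dataclass

TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask compare: a 1 bit in the mask means that bit is not checked."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp" or "udp"
    src: str = "0.0.0.0"         # source prefix and wildcard (default: any)
    src_wild: str = "255.255.255.255"
    dst: str = "0.0.0.0"         # destination prefix and wildcard (default: any)
    dst_wild: str = "255.255.255.255"
    dport: tuple = None          # (lo, hi) inclusive: "eq 23" is (23, 23), "range 20 21" is (20, 21)
    set_flags: tuple = ()        # +flag entries: every listed flag must be asserted
    clear_flags: tuple = ()      # -flag entries: every listed flag must be cleared
    established: bool = False    # matches when RST or ACK is asserted

def rule_matches(rule, pkt):
    """pkt is a dict with proto, src, dst and, where relevant, dport and TCP flags."""
    flags = pkt.get("flags", 0)
    checks = [
        rule.proto == pkt["proto"],
        wildcard_match(pkt["src"], rule.src, rule.src_wild),
        wildcard_match(pkt["dst"], rule.dst, rule.dst_wild),
        rule.dport is None or rule.dport[0] <= pkt.get("dport", -1) <= rule.dport[1],
        all(flags & TCP_FLAGS[f] for f in rule.set_flags),        # +flag: logical AND
        not any(flags & TCP_FLAGS[f] for f in rule.clear_flags),  # -flag: logical AND
        not rule.established or flags & (TCP_FLAGS["rst"] | TCP_FLAGS["ack"]),  # OR
    ]
    return all(checks)  # flags the rule does not name are "don't care"

def evaluate(acl, pkt):
    """First matching rule decides; a packet matching no rule hits the implicit deny."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"

# The page's corrected Host10-1-1-23 list as Rule objects (constructed for this example)
HOST_ACL = [
    Rule("permit", "tcp", "192.168.0.0", "0.0.0.255", "10.1.1.23", "0.0.0.0", dport=(23, 23)),
    Rule("permit", "udp", "192.168.0.0", "0.0.0.255", "10.1.1.23", "0.0.0.0"),
]
```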
The following is an example rule to match TCP packets with the PUSH flag 
asserted AND the RESET flag cleared. The other flag bits are "don't care":
ip access-list Host10-1-1-23