Patton electronic SmartNode 4110 Series ユーザーズマニュアル
Access control list configuration task list
256
SmartWare Software Configuration Guide
24 • Access control list configuration
•
All access control lists have an implicit deny ip any any at the end. A packet that does not match the criteria
of the first statement is subjected to the criteria of the second statement and so on until the end of the access
control list is reached, at which point the packet is dropped.
of the first statement is subjected to the criteria of the second statement and so on until the end of the access
control list is reached, at which point the packet is dropped.
•
Filter types include IP, Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP),
User Datagram Protocol (UDP), and Stream Control Transmission Protocol (SCTP).
User Datagram Protocol (UDP), and Stream Control Transmission Protocol (SCTP).
•
An empty access control list is treated as an implicit deny ip any any list.
Note
Two or more administrators should not simultaneously edit the configura-
tion file. This is especially the case with access lists. Doing this can have
unpredictable results.
tion file. This is especially the case with access lists. Doing this can have
unpredictable results.
Once in access control list configuration mode, each command creates a statement in the access control list.
When the access control list is applied, the action performed by each statement is one of the following:
When the access control list is applied, the action performed by each statement is one of the following:
•
permit statement causes any packet matching the criteria to be accepted.
•
deny statement causes any packet matching the criteria to be dropped.
To delete an entire access control list, enter configuration mode and use the
no
form of the
profile acl
com-
mand, naming the access list to be deleted, e.g. no profile acl name. To unbind an access list from the interface
to which it was applied, enter the IP interface mode and use the
to which it was applied, enter the IP interface mode and use the
no
form of the access control list command.
Access control list configuration task list
To configure an IP access control list, perform the tasks in the following sections.
•
Mapping out the goals of the access control list
•
Creating an access control list profile and enter configuration mode (see
•
Adding a filter rule to the current access control list profile (see
•
Adding an ICMP filter rule to the current access control list profile (see
)
•
Adding a TCP, UDP or SCTP filter rule to the current access control list profile (see
)
•
Binding and unbinding an access control list profile to an IP interface (see
•
Displaying an access control list profile (see
)
•
Debugging an access control list profile (see
Mapping out the goals of the access control list
To create an access control list you must:
•
Specify the protocol to be filtered
•
Assign a unique name to the access list
•
Define packet-filtering criteria
A single access control list can have multiple filtering criteria statements.