Patton electronic SmartNode 4110 Series User's Manual

Access control list configuration task list
SmartWare Software Configuration Guide 
24 • Access control list configuration
Before you begin to enter the commands that create and configure the IP access control list, be sure that you 
are clear about what you want to achieve with the list. Consider whether it is better to deny specific accesses 
and permit all others or to permit specific accesses and deny all others.
Note
A single access control list can have multiple filtering criteria statements, but editing those entries online can be tedious. Therefore, we recommend editing complex access control lists offline within a configuration file and downloading the configuration file later via TFTP to your SmartNode device.
Creating an access control list profile and entering configuration mode
This procedure describes how to create an IP access control list and enter access control list configuration mode.
Mode: Administrator execution
Step 1
Command: node(cfg)#profile acl name
Purpose: Creates the access control list profile name and enters the configuration mode for this list
name is the name by which the access list will be known. Entering this command puts you into access control list configuration mode, where you can enter the individual statements that will make up the access control list.
Use the no form of this command to delete an access control list profile. You cannot delete an access control list profile if it is currently linked to an interface. When you leave the access control list configuration mode, the new settings immediately become active.
Example: Create an access control list profile
In the following example the access control list profile named WanRx is created and the shell of the access control list configuration mode is activated.
node>enable
node#configure
node(cfg)#profile acl WanRx
node(pf-acl)[WanRx]#
Adding a filter rule to the current access control list profile
The commands permit or deny are used to define an IP filter rule. This procedure describes how to create an IP access control list entry that permits access.
Mode: Profile access control list
Step 1
Command: node(pf-acl)[name]#permit ip {src src-wildcard | any | host src} {dest dest-wildcard | any | host dest} [cos group]
Purpose: Creates an IP access control list entry that permits access defined according to the command options
This procedure describes how to create an IP access control list entry that denies access.
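For the offline editing recommended in the note, the following Python check is an added example (not from the Patton guide or SmartWare) that lints statements written in the permit ip syntax shown on this page and reports which rule a sample packet hits first. It assumes that deny takes the same operands as permit, that 1-bits in a wildcard mean "ignore this bit", that rules are evaluated top-down with the first match winning, and that unmatched traffic is denied; none of these is stated on this page, and all addresses are constructed.

```python
import ipaddress

# Constructed sample profile using only the "permit ip" syntax shown on this page.
SAMPLE_ACL = """\
profile acl WanRx
  permit ip host 192.0.2.10 any
  permit ip 198.51.100.0 0.0.0.255 host 203.0.113.5
"""

def _take_addr(tokens):
    """Consume one {addr wildcard | any | host addr} operand as (base, wildcard) ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse permit/deny ip lines; raise ValueError naming the first malformed line."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0] == "profile":
            continue
        try:
            action, proto = tokens.pop(0), tokens.pop(0)
            if action not in ("permit", "deny") or proto != "ip":
                raise ValueError("unsupported statement")
            src, dst = _take_addr(tokens), _take_addr(tokens)
            # Optional trailing "[cos group]": exactly the keyword plus one group name.
            if tokens and (tokens.pop(0) != "cos" or len(tokens) != 1):
                raise ValueError("unexpected trailing tokens")
        except (IndexError, ValueError) as exc:
            raise ValueError(f"line {lineno}: {line.strip()!r}: {exc}") from None
        rules.append((action, src, dst))
    return rules

def _match(addr, operand):
    base, wildcard = operand
    care = ~wildcard & 0xFFFFFFFF  # assumption: wildcard 1-bits are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(rules, src, dst, default="deny"):
    """Return the action of the first matching rule, or the assumed default."""
    for action, s, d in rules:
        if _match(src, s) and _match(dst, d):
            return action
    return default
```

Running parse_acl over the file before the TFTP download catches a missing wildcard or operand, and evaluate shows when a broad earlier rule shadows a later, more specific one.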