Patton electronic SmartNode 4110 Series User's Manual

SmartWare Software Configuration Guide 
24 • Access control list configuration
Examples
Denying a specific subnet
Figure 39 shows an example in which a server attached to network 172.16.1.0 must not be accessible from outside networks connected to IP interface lan. To prevent access, an incoming filter rule named Jamming is defined, which blocks any IP traffic from network 172.16.2.0 to network 172.16.1.0. The rule has to be bound to IP interface lan.
Figure 39. Deny a specific subnet on an interface
The commands that have to be entered are listed below. 
172.16.2.1>enable
172.16.2.1#configure
172.16.2.1(cfg)#profile acl Jamming
172.16.2.1(pf-acl)[Jamming]#deny ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255
172.16.2.1(pf-acl)[Jamming]#permit ip any any
172.16.2.1(pf-acl)[Jamming]#exit
172.16.2.1(cfg)#context ip router
172.16.2.1(cfg-ip)[router]#interface lan
172.16.2.1(if-ip)[lan]#use profile acl Jamming in
172.16.2.1(if-ip)[lan]#exit
172.16.2.1(cfg-ip)#copy running-config startup-config
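The matching behaviour of the Jamming profile can be checked offline before it is bound to the interface. The Python sketch below is an added example, not part of the Patton guide or of SmartWare. It assumes that rules are evaluated top-down with the first match deciding, treats "any" as address 0.0.0.0 with wildcard 255.255.255.255, and uses constructed sample packets.

```python
import ipaddress

# Rules of profile "Jamming", in the order entered on the page.
# Fields: (action, src, src_wildcard, dst, dst_wildcard).
# Assumption: "any" is modelled as 0.0.0.0 with wildcard 255.255.255.255.
JAMMING = [
    ("deny", "172.16.2.0", "0.0.0.255", "172.16.1.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]


def _int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Bits set in the wildcard are ignored; all other bits must equal base."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)


def evaluate(rules, src, dst):
    """Return (action, rule_index) of the first matching rule.

    Assumption: top-down, first-match evaluation. (None, None) means no rule
    matched, so the outcome would depend on the device's default behaviour.
    """
    for i, (action, s, sw, d, dw) in enumerate(rules):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, i
    return None, None


# Constructed sample packets (source, destination); not taken from the guide.
SAMPLES = [
    ("172.16.2.13", "172.16.1.1"),  # host on 172.16.2.0 to the server network
    ("172.16.2.13", "192.0.2.10"),  # same host, unrelated destination
    ("172.16.3.7", "172.16.1.1"),   # neighbouring subnet to the server network
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src} -> {dst}: {evaluate(JAMMING, src, dst)}")
    # With the two rules swapped, "permit ip any any" matches first and the
    # deny rule is never reached.
    swapped = list(reversed(JAMMING))
    print("swapped order:", evaluate(swapped, "172.16.2.13", "172.16.1.1"))
```

The third sample shows the scope of the profile: only sources in 172.16.2.0 are blocked, so any other source reaching interface lan is still permitted to the server network by the second rule.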
[Figure 39 diagram labels: Host, Server, Node, Node; interfaces secure and lan; networks 172.16.1.0 and 172.16.2.0; addresses 172.16.2.1/24, 172.16.1.1/24, 172.16.2.13/24]