Avaya 580 Manual Do Utilizador
Document No. 10-300077, Issue 2
13-3
Configuring Access Lists
An ACL name can be a number. For example, you can create a list whose
name is 1 or 151. If you chose to use numbers, keep in mind the following
restrictions:
name is 1 or 151. If you chose to use numbers, keep in mind the following
restrictions:
■
Numbers 1 through 99 are reserved for Standard type Rules ONLY.
So, for example, if you try to create an Extended Rule whose ACL
Name is 1, it will be rejected.
So, for example, if you try to create an Extended Rule whose ACL
Name is 1, it will be rejected.
■
Numbers 100 through 199 are reserved for Extended type Rules
ONLY. So, for example, if you try to create a Standard Rule whose
ACL Name is 100, it will be rejected.
ONLY. So, for example, if you try to create a Standard Rule whose
ACL Name is 100, it will be rejected.
■
ACL names that contain any letter (Alphabetic) character, can be
either Standard or Extended.
either Standard or Extended.
■
You cannot mix ACL types in a list. This means that if you create an
ACL with a Standard Rule with ACL Name Test1, you cannot
create an Extended Rule in ACL Test1. If you do, you will receive
the following message:
ACL with a Standard Rule with ACL Name Test1, you cannot
create an Extended Rule in ACL Test1. If you do, you will receive
the following message:
Access Rule Name is already being used by the other
type.
Choose a different name and try again
How Packets are
Processed
Processed
Assuming an ACL is active, when a packet arrives on the Avaya
Multiservice switch, the parameters in the packet are compared to the
parameters in the Access Rule starting with the lowest index number. If
there is a match, that rule is applied to the packet and the search stops.
Multiservice switch, the parameters in the packet are compared to the
parameters in the Access Rule starting with the lowest index number. If
there is a match, that rule is applied to the packet and the search stops.
If the 5-tuple’s of the packet and rule do not match, the next (higher index)
rule is compared. This process continues until a match is found, or there are
no more rules. There is an implied permit all at the end of every list.
Therefore, if no match is found, the packet is forwarded with the priority
un-changed.
rule is compared. This process continues until a match is found, or there are
no more rules. There is an implied permit all at the end of every list.
Therefore, if no match is found, the packet is forwarded with the priority
un-changed.
What are
Wildcards?
Wildcards?
Wildcards are a template that govern which part of an IP address is
significant when evaluating a rule. When you create a rule based on source
or destination IP address, you must also specify the Wildcard.
significant when evaluating a rule. When you create a rule based on source
or destination IP address, you must also specify the Wildcard.
Wildcards are in principal, the same as a subnet mask. The differences are
you invert the mask’s bits and there is no requirement of contiguous bits.
For Example: a decimal wildcard of 0.255.0.255 is allowed.
you invert the mask’s bits and there is no requirement of contiguous bits.
For Example: a decimal wildcard of 0.255.0.255 is allowed.
For example: If you want to create a rule that blocks all traffic on the
192.168.24.0 (subnet mask 255.255.255.0) network, you would specify a
Wildcard of 0.0.0.255 in the rule.
192.168.24.0 (subnet mask 255.255.255.0) network, you would specify a
Wildcard of 0.0.0.255 in the rule.
If you wanted to block traffic from a specific host whose IP address was
192.168.24.143 (subnet mask 255.255.255.0) you would specify a Wildcard
of 0.0.0.0. This mask “tells” the supervisor to evaluate the entire IP address
when evaluating a packet against the rule.
192.168.24.143 (subnet mask 255.255.255.0) you would specify a Wildcard
of 0.0.0.0. This mask “tells” the supervisor to evaluate the entire IP address
when evaluating a packet against the rule.