Enterasys ssr-glx19-02 User Guide
Chapter 13: Configuring Security on the SSR
CoreWatch User’s Manual
11. Do one of the following:
– If you have defined all of the rules for the ACL, click Finish.
– If you want to define additional rules, select the Add More Rules check box and click Next.
12. If you selected the Add More Rules check box, define another rule in the IPX SAP ACL Rule panel that appears. To do so repeat and until you define all the desired rules for the ACL.
After you finish defining all of an ACL’s rules, Configuration Expert adds the ACL to the
IPX SAP ACLs object. Configuration Expert also adds a separate object for each rule and
places this list of rules in the ACL object.
The rule numbers displayed in an ACL’s list of rules are automatically assigned by
Configuration Expert. A rule’s number is included in the Rule # box of the IPX ACL Rule
panel when you are defining that rule.
Applying ACLs to IP or IPX Interfaces
Defining an ACL specifies what sort of traffic to permit or deny. However, an ACL has no
effect unless it is applied to an interface. An ACL can be applied to examine either
inbound or outbound traffic. Inbound traffic is traffic coming into the router. Outbound
traffic is traffic that is going out of the router. When you apply an ACL to an interface, you
implicitly enable access control on that interface.
In general, you should try to apply ACLs at the inbound interfaces instead of the
outbound interfaces. If a packet is to be denied, you want to drop the packet as early as
possible, at the inbound interface. Otherwise, the router will have to process the packet,
determine where the packet should go only to find out that the packet should be dropped
at the outbound interface. In some cases, however, it may not be simple or possible for the
Table 26. IPX SAP ACL rule criteria fields (continued)
Field | Description
Service Type | Enter the SAP service type. You may enter the service type as hexadecimal or select one of the choices from the Service Type drop-down list. You do not need to use a “0x” prefix. You can enter ANY to specify a wildcard (“don’t care”) condition.
Network Address | Enter the SAP server’s network address. You can enter ANY to specify a wildcard (“don’t care”) condition.
Node (MAC) Address | Enter the SAP server’s MAC address. You can enter ANY to specify a wildcard (“don’t care”) condition.
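The following sketch is an added example, not CoreWatch or SSR code. It models how the three criteria in Table 26 match a SAP advertisement: the service type is accepted with or without a “0x” prefix, and ANY acts as a wildcard in each field. The names `SapRule`, `norm_hex` and `evaluate` are hypothetical, and the example assumes a hexadecimal network address, first-match rule ordering and a default deny, none of which this page states.

```python
from dataclasses import dataclass

ANY = "ANY"  # wildcard ("don't care") keyword from Table 26

def norm_hex(value: str, bits: int):
    """Return ANY or the integer value of a hex field, with or without '0x'."""
    v = value.strip()
    if v.upper() == ANY:
        return ANY
    if v.lower().startswith("0x"):
        v = v[2:]
    v = v.replace(":", "").replace("-", "")   # allow 00:00:1D:... MAC notation
    n = int(v, 16)                            # ValueError on non-hex input
    if n >> bits:
        raise ValueError(f"{value!r} does not fit in {bits} bits")
    return n

@dataclass(frozen=True)
class SapRule:
    action: str        # "permit" or "deny"
    service_type: str  # 16-bit SAP service type
    network: str       # 32-bit IPX network address of the SAP server
    node: str          # 48-bit node (MAC) address of the SAP server

    def matches(self, svc: str, net: str, node: str) -> bool:
        fields = ((self.service_type, svc, 16),
                  (self.network, net, 32),
                  (self.node, node, 48))
        return all(norm_hex(want, bits) in (ANY, norm_hex(got, bits))
                   for want, got, bits in fields)

def evaluate(rules, svc: str, net: str, node: str) -> str:
    # Assumption (not stated on this page): first match wins, no match denies.
    for rule in rules:
        if rule.matches(svc, net, node):
            return rule.action
    return "deny"

# Constructed sample rules, for illustration only.
RULES = [
    SapRule("deny", "0x0004", "ANY", "ANY"),      # service type 4 from any server
    SapRule("permit", "ANY", "A1B2C3D4", "ANY"),  # anything else on one network
]

if __name__ == "__main__":
    print(evaluate(RULES, "4", "A1B2C3D4", "00:00:1D:AA:BB:01"))
    print(evaluate(RULES, "0007", "a1b2c3d4", "00001DAABB01"))
```

Because the broad deny rule sits first, an advertisement for service type 4 is dropped even from the network the second rule permits, which is why rule order deserves review whenever a wildcard is used.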