ADTRAN Stub Routing Specifications, Page 462

PPP Interface Configuration Command Set Command Reference Guide
462 © 2003 ADTRAN, Inc. 61950860L1-35D
Associate the access list with the PPP virtual interface (labeled 1):
(config)#interface ppp 1
(config-ppp 1)#access-policy UnTrusted
Technology Review
Creating access policies and lists to regulate traffic through the routed network is a four-step process:

Step 1: Enable the security features of the ADTRAN OS using the ip firewall command.

Step 2: Create an access list to permit or deny specified traffic. Standard access lists provide pattern matching for source IP addresses only. (Use extended access lists for more flexible pattern matching.) IP addresses can be expressed in one of three ways:

1. Using the keyword any to match any IP address. For example, entering deny any will effectively shut down the interface that uses the access list because all traffic will match the any keyword.
2. Using the host <A.B.C.D> to specify a single host address. For example, entering permit host 196.173.22.253 will allow all traffic from the host with an IP address of 196.173.22.253.
3. Using the <A.B.C.D> <wildcard> format to match all IP addresses in a range. Wildcard masks work in reverse logic from subnet masks. Specifying a one in the wildcard mask equates to a "don't care". For example, entering deny 192.168.0.0 0.0.0.255 will deny all traffic from the 192.168.0.0/24 network.

Note: The command permit <A.B.C.D> will also be assumed to mean permit host <A.B.C.D>.

Step 3: Create an access policy that uses a configured access list. ADTRAN OS access policies are used to permit, deny, or manipulate (using NAT) data for each physical interface. Each ACP consists of a selector (access list) and an action (allow, discard, NAT). When packets are received on an interface, the configured ACPs are applied to determine whether the data will be processed or discarded. Possible actions performed by the access policy are as follows:

allow list <access list names>
    All packets passed by the access list(s) entered will be allowed to enter the router system.

discard list <access list names>
    All packets passed by the access list(s) entered will be dropped from the router system.

allow list <access list names> dest-policy <access policy name>
    All packets passed by the access list(s) entered and destined for the interface using the access policy listed will be permitted to enter the router system. This allows for configurations to permit packets to a single interface and not the entire system.

discard list <access list names> dest-policy <access policy name>
    All packets passed by the access list(s) entered and destined for the interface using the access policy listed will be blocked from the router system. This allows for configurations to deny packets on a specified interface.
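
The three address forms from Step 2 (any, host, and address plus wildcard) can be checked offline before an entry is applied to an interface. The following is an added example, not ADTRAN code: the function names are hypothetical, and the check for non-contiguous wildcards goes beyond what this page describes.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Parse one standard access-list entry into (action, address, wildcard)."""
    tokens = line.split()
    action, spec = tokens[0], tokens[1:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    if spec == ["any"]:
        return action, 0, 0xFFFFFFFF          # every bit is "don't care"
    if len(spec) == 2 and spec[0] == "host":
        return action, _to_int(spec[1]), 0    # every bit must match
    if len(spec) == 1:
        return action, _to_int(spec[0]), 0    # bare address is assumed to mean host
    if len(spec) == 2:
        return action, _to_int(spec[0]), _to_int(spec[1])
    raise ValueError(f"cannot parse entry: {line!r}")

def entry_matches(entry, src_ip):
    """True when src_ip equals the entry address on every bit the wildcard leaves at 0."""
    _, addr, wildcard = entry
    care = ~wildcard & 0xFFFFFFFF
    return (_to_int(src_ip) & care) == (addr & care)

def covered_network(entry):
    """CIDR block the entry covers, or None when the wildcard is not one contiguous
    run of low-order ones (assumption: such entries are flagged for manual review)."""
    _, addr, wildcard = entry
    if wildcard & (wildcard + 1):
        return None
    prefix = 32 - wildcard.bit_length()
    return str(ipaddress.IPv4Network((addr & ~wildcard & 0xFFFFFFFF, prefix)))

if __name__ == "__main__":
    # Entries quoted from Step 2 of this page
    for line in ("deny any", "permit host 196.173.22.253",
                 "deny 192.168.0.0 0.0.0.255"):
        entry = parse_entry(line)
        print(f"{line!r:34} covers {covered_network(entry)}")
```

Running each entry through covered_network before deployment shows how much address space it really selects, which makes an unintended deny any or an over-wide wildcard visible before it reaches an interface.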
Usage Examples (Continued)