Avaya X330WAN Network Router User Manual


 
Chapter 4 Operational Concepts and Configuration Examples
52 Avaya X330WAN User’s Guide
Controlling Network Access to the X330WAN
X330WAN enables you to control access to its router interfaces using the “single
point of presence” characteristics of the Layer 2 Loopback interface. This is an
alternative to configuring Access Control rules separately on each router interface.
By activating Access Control rules on a Loopback interface, you can control all
traffic entering and leaving the X330WAN’s CPU. Different Access Lists can be
configured on the “Loopback in” and “Loopback out” interfaces.
Note: A Policy list activated on a Loopback interface applies only to packets
destined to the router interface, and not to packets routed by the CPU.
For example: An Access Control rule denying Telnet sessions placed on the
Loopback interface prevents Telnet access to the CPU, thus preventing any
configuration changes to the module. This rule does not prevent Telnet sessions
between any two users connected to the X330WAN interfaces.
Perform the following to activate such a Policy list on the Loopback interface using
the CLI:
1 Create an Access Control List by entering:
ip access-list 101 1 deny tcp any any eq 23
Where 101 is the Access list number, 1 is the number of the Rule in the list, deny
is the action, and 23 is the TCP Telnet port number.
2 Type interface Loopback 1 to enter the Loopback1 interface.
3 Use the ip access-group 101 in command to activate the new Access
Control list created in step 1 on the ingress direction of the Loopback1 interface.
Note: In order to apply an Access Control List to the router interfaces, the Policy
should be applied on the Loopback1 interface (interface loopback1). If additional
Loopback interfaces have been created, applying a Policy on them does not take
effect. No CLI message informs you of this during the configuration.
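An added example, not taken from the Avaya guide: a short Python check that reads a list of CLI commands in the syntax shown above and flags the silent failure described in the note, an access group applied on a Loopback interface other than Loopback 1. The sample command list is constructed, and the audit function and its messages are hypothetical names used for illustration.

```python
import re

# Constructed sample: commands in the syntax this page shows, as typed at the CLI.
SAMPLE = """\
ip access-list 101 1 deny tcp any any eq 23
interface Loopback 2
ip access-group 101 in
interface Loopback 1
ip access-group 102 in
"""

RULE = re.compile(r"^ip access-list (\d+) (\d+) (\w+) (\w+) (.+)$", re.I)
IFACE = re.compile(r"^interface\s+(\S+?)\s*(\d+)$", re.I)
GROUP = re.compile(r"^ip access-group (\d+) (in|out)$", re.I)


def audit(commands):
    """Return (applied, findings) for a block of CLI command lines."""
    rules, applied, findings = {}, [], []
    current = None  # interface context the commands are being typed in
    for raw in commands.splitlines():
        line = " ".join(raw.split())  # collapse runs of whitespace
        if m := RULE.match(line):
            rules.setdefault(m.group(1), []).append(line)
        elif m := IFACE.match(line):
            current = (m.group(1).lower(), int(m.group(2)))
        elif (m := GROUP.match(line)) and current:
            applied.append((current, m.group(1), m.group(2).lower()))
    for (name, num), acl, direction in applied:
        if name == "loopback" and num != 1:
            findings.append(f"list {acl} on Loopback {num} ({direction}): "
                            "only Loopback 1 takes effect, per the note above")
        if acl not in rules:
            findings.append(f"list {acl} on {name} {num} ({direction}): "
                            "no rules defined for this list")
    if not any(i == ("loopback", 1) and a in rules for i, a, _ in applied):
        findings.append("no defined access list is active on Loopback 1")
    return applied, findings


if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```

Run against the three commands from steps 1 to 3, the check returns no findings; the constructed sample returns three.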
show ip composite-op: Displays a composite operation of a Policy list.
show ip active-access-groups: Displays the active Policy list for each context/direction.