Cabletron Systems SmartSwitch Network Router User Manual
Chapter 17: Access Control List Configuration Guide
260 SmartSwitch Router User Reference Manual
Otherwise, it will be rejected. To do this, enter the following command in Configure
Mode:

    Allow TCP responses from external hosts, provided the connection was established internally.
        acl <name> permit tcp established

The following ACL illustrates this feature:

    acl 101 permit tcp established
    acl 101 apply interface int1 input

Any incoming TCP packet on interface int1 is examined, and if the packet is in response to
an internal request, it is permitted; otherwise, it is rejected. Note that the ACL contains no
restriction for outgoing packets on interface int1, since internal hosts are allowed to access
the outside world.

Creating and Modifying ACLs

The SSR provides two mechanisms for creating and modifying ACLs:

- Editing ACLs on a remote host and uploading them to the SSR using TFTP or RCP
- Using the SSR’s ACL Editor

The following sections describe these methods.

Editing ACLs Offline

You can create and edit ACLs on a remote host and then upload them to the SSR with
TFTP or RCP. With this method, you use a text editor on a remote host to edit, delete,
replace, or reorder ACL rules in a file. Once the changes are made, you can then upload
the ACLs to the SSR using TFTP or RCP and make them take effect on the running system.
The following example describes how you can use TFTP to help maintain ACLs on the
SSR.

Suppose the following ACL commands are stored in a file on some host:

    no acl *
    acl 101 deny tcp 10.11.0.0/16 10.12.0.0/16
    acl 101 permit tcp 10.11.0.0 any
    acl 101 apply interface int12 input

The first command, no acl *, negates all commands that start with the keyword “acl”.
This tells the SSR to remove the application and the definition of any ACL. You can be
more selective if you want to remove only ACL commands related to, for instance, ACL
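As an added example that is not part of the manual, the following Python simulator applies an uploaded ACL file the way the text describes (no acl * clears everything, rules are evaluated in order for the interface and direction they are applied to), so a rule file can be checked against sample packets before the TFTP upload. The first-match/implicit-deny behaviour, the treatment of established as matching only TCP segments with ACK or RST set, and the omission of port fields are assumptions, not statements from the manual.

```python
import ipaddress

# Constructed ACL upload file (assumed), modelled on the manual's TFTP example.
ACL_FILE = """
no acl *
acl 101 deny tcp 10.11.0.0/16 10.12.0.0/16
acl 101 permit tcp established
acl 101 apply interface int1 input
"""

def load_acls(text, config=None):
    """Apply each line of an ACL file to a config {name: {"rules": [...], "apply": [...]}}."""
    config = {k: {"rules": list(v["rules"]), "apply": list(v["apply"])}
              for k, v in (config or {}).items()}
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:3] == ["no", "acl", "*"]:      # negate every command starting with "acl"
            config.clear()
            continue
        if tok[0] != "acl":
            raise ValueError(f"unsupported line: {line}")
        entry = config.setdefault(tok[1], {"rules": [], "apply": []})
        if tok[2] == "apply":                    # acl <name> apply interface <if> input|output
            entry["apply"].append((tok[4], tok[5]))
            continue
        addrs = [t for t in tok[4:] if t != "established"]   # ports are not modelled here
        src = addrs[0] if addrs else "any"
        dst = addrs[1] if len(addrs) > 1 else "any"
        entry["rules"].append((tok[2], tok[3], src, dst, "established" in tok))
    return config

def _match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def evaluate(config, interface, direction, pkt):
    """First matching rule of the ACL applied to (interface, direction) decides;
    an applied ACL that matches nothing denies (assumed implicit deny)."""
    for entry in config.values():
        if (interface, direction) not in entry["apply"]:
            continue
        for action, proto, src, dst, established in entry["rules"]:
            if proto != pkt["proto"] or not (_match(src, pkt["src"]) and _match(dst, pkt["dst"])):
                continue
            # "established" is assumed to match only segments with ACK or RST set, never a fresh SYN
            if established and not (pkt["flags"] & {"ACK", "RST"}):
                continue
            return action
        return "deny"
    return "permit"   # no ACL applied on this interface/direction
```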