- 80 -
Case 2: Deny specific Source IP Address – Class C
Purpose:
Verify a positive and negative matches to network IP address with a Class C (24 bit mask) , no matter the rule
defined as permit or deny.
1. Set Hosts within the same Class C Network domain, as the targets at this case.
2. Once the deny policy be applied, all IP packets from the targets’ IP Addresses will be dropped.
3. No matter IP packets form the targets be transmitted to Internet or Intranet within the same IP segment, they
will be dropped.
Case Design:
Action DENY
Match IP
Source IP Address
Class C
192.168.1.0 / 255.255.255.0
Destination IP Address ANY
Device Connection and Configuration:
Stream
Target
ID Source Address Destination Address
Protocol
Class C
2 192.168.1.0 / 255.255.255.0 Any Any
ACL Policy Configuration: