Riverstone Networks WICT1-12 Network Router User Manual


 
24-14 Riverstone Networks RS Switch Router User Guide Release 8.0
Enabling ACL Logging Access Control List Configuration
The following command creates a Web caching policy that prevents packets matching Profile ACL prof4’s selection
criteria (that is, packets with a source address of 10.10.10.10 and a destination address of 1.2.3.4) from being redirected
to a cache server. Packets that match the profile’s selection criteria are sent to the Internet instead.
rs(config)# web-cache policy1 deny hosts profile prof4
When the Web caching policy is applied to an interface (with the web-cache apply interface command), HTTP
traffic with a source address of 10.10.10.10 and a destination address of 1.2.3.4 goes to the Internet instead of to the
cache servers.
You can also use a Profile ACL to prevent certain Web objects from being cached. For example, you can specify that
information in packets originating from Internet site 1.2.3.4 and destined for local host 10.10.10.10 not be sent to the
cache servers. The following commands illustrate this example.
This command creates a Profile ACL called prof5 that uses as its selection criteria all packets with a source address of
1.2.3.4 and a destination address of 10.10.10.10:
rs(config)# acl prof5 permit ip 1.2.3.4 10.10.10.10
To have packets matching Profile ACL prof5’s selection criteria bypass the cache servers, use the following command:
rs(config)# web-cache policy1 create bypass-list profile prof5
When the Web caching policy is applied to an interface, information in packets originating from source address 1.2.3.4
and destined for address 10.10.10.10 is not sent to the cache servers.
See Section 22.2, "Web Caching," for more information on using the web-cache command.
24.4 ENABLING ACL LOGGING
To see whether incoming packets are permitted or denied because of an ACL, you can enable ACL logging. You can
enable logging when applying the ACL or you can enable logging for a specific ACL rule.
The following commands define an ACL and apply the ACL to an interface, with logging enabled for the ACL:
acl 101 deny ip 10.2.0.0/16 any any any
acl 101 permit ip any any any any
acl 101 apply interface int1 input logging on
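The difference between logging for the whole ACL and logging for a single rule, modelled in Python as an added example (it is not Riverstone code and does not reproduce RS log output). It assumes top-down, first-match evaluation with a deny for packets that match no rule; the Rule class, its log flag and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str          # "permit" or "deny"
    src: str             # CIDR prefix or "any"
    dst: str             # CIDR prefix or "any"
    log: bool = False    # per-rule logging flag (model only, not RS syntax)

def matches(prefix, addr):
    """True if addr falls inside prefix, or prefix is the wildcard 'any'."""
    return prefix == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def evaluate(rules, src, dst, acl_logging=False):
    """Return (action, rule_index, logged) for the first matching rule.

    Assumptions of this model: rules are checked top-down, the first match
    wins, and a packet matching nothing is denied (rule_index is None) and
    logged only when logging is on for the whole ACL.
    """
    for i, r in enumerate(rules):
        if matches(r.src, src) and matches(r.dst, dst):
            return r.action, i, acl_logging or r.log
    return "deny", None, acl_logging

# ACL 101 from the text; its port fields are all "any", so they are omitted.
ACL_101 = [
    Rule("deny", "10.2.0.0/16", "any"),
    Rule("permit", "any", "any"),
]

# Constructed sample packets as (source, destination).
PACKETS = [("10.2.7.9", "192.0.2.10"), ("10.3.0.1", "192.0.2.10")]

def audit(rules, packets, acl_logging):
    """List the decisions that would produce a log entry for these packets."""
    out = []
    for src, dst in packets:
        action, idx, logged = evaluate(rules, src, dst, acl_logging)
        if logged:
            out.append((src, dst, action, idx))
    return out

if __name__ == "__main__":
    for entry in audit(ACL_101, PACKETS, acl_logging=True):
        print(entry)
```

With logging on for the whole ACL, both the deny and the permit decision are recorded; flagging only the deny rule records just the traffic from 10.2.0.0/16, which keeps log volume down on a busy interface.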