Enterasys ANG-3000 Uživatelská příručka stáhnout pdf (Strana 388)

354 XSR User’s Guide

Configuration Examples Chapter 13

Configuring Security on the XSR

XSR(config)#access-list 1 permit 192.168.10.0 0.0.0.255

XSR(config)#access-list 1 permit 192.168.20.0 0.0.0.255

XSR(config)#access-list 2 permit host 192.168.9.32

XSR(config)#access-list 100 deny ip any host 192.168.1.15

XSR(config)#access-list 100 deny any host 192.168.1.15 any

XSR(config)#access-list 100 deny ip tcp host 192.168.1.15 any

XSR(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 any

XSR(config)#access-list 100 permit ip any 192.168.1.0 0.0.0.255

Apply the access list to the network interfaces so that everything that is not

permitted will automatically be filtered out, by default.

XSR(config)#interface fastethernet 1

XSR(config-if<F1>)#ip access-group 1 in

XSR(config-if<F1>)#ip access-group 1 out

XSR(config)#interface serial 2/0:0

XSR(config-if<S2/0:0>)#ip access-group 1 in

XSR(config-if<S2/0:0>)#ip access-group 1 out

For security reasons, you can limit the traffic type to certain

ICMP/UDP/TCP/AH, ESP, and GRE ports. To use traffic type as a criteria,

enter the extended

access-list command, with numbers ranging from 100

to 199. The standard

access-list command employs numbers ranging from

1 to 99 and can filter traffic by source IP address(es) only.

Write ACLS to permit Telnet and HTTP sessions. When the access list is

applied to the port only, this type of traffic is allowed to pass through.

XSR(config)#access-list 100 permit tcp any any eq 21

XSR(config)#access-list 100 permit tcp any any eq 80

Create a username with an encrypted password (using the secret option) that is

entered as clear text (using the 0 option).

XSR(config)#username larry password secret 0 larryj

1 2 ... 383 384 385 386 387 388 389 390 391 392 393 ... 413 414

Žádné komentáře

Enterasys ANG-3000 Uživatelská příručka Strana 388