AR Series Router Packet Filtering with Access Control Lists: Configuration Method (routers, switches)

Source: Internet
Author: User
Tags switches
Requirements:
Intranet address block 192.168.1.0/25: access to the extranet is unrestricted.
Intranet address block 192.168.1.128/25: only allowed to send and receive mail; no other extranet access.
Configuration:

#
 sysname Routera
#
 firewall enable                         // enable the firewall function
 firewall default deny                   // set the firewall default action to deny
#
radius scheme system
#
domain system
#
acl number 2000                          // ACL used for NAT translation
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 1 deny
#
acl number 3001                          // ACL used for packet filtering
 rule 0 permit ip source 192.168.1.0 0.0.0.127
                                         // 192.168.1.0/25: unrestricted extranet access
 rule 1 permit tcp source 192.168.1.128 0.0.0.127 destination-port eq pop3
 rule 2 permit tcp source 192.168.1.128 0.0.0.127 destination-port eq smtp
                                         // 192.168.1.128/25: may only send and receive mail
#
interface ethernet1/0/0
 ip address 192.168.1.1 255.255.255.0
 firewall packet-filter 3001 inbound     // apply the packet filter to inbound traffic
#
interface serial2/0/0
 link-protocol ppp
 ip address 202.101.1.2 255.255.255.252
 nat outbound 2000
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 202.101.1.1 preference 60
#
user-interface con 0
user-interface vty 0 4
#
return
Verify that the firewall is taking effect with "display firewall-statistics all" and "display acl 3001":

disp firewall-statistics all

Firewall is enable, the default filtering method is 'deny'.
interface: ethernet1/0/0
In-bound Policy: acl 3001
Fragments matched normally
From 2006-05-31 5:05:50 to 2006-05-31 6:32:49
198 packets, 24129 bytes, 4% permitted,
0 packets, 0 bytes, 0% denied,
0 packets, 0 bytes, 0% permitted default,
5919 packets, 1021492 bytes, 96% denied default,
Totally 198 packets, 24129 bytes, 4% permitted,
Totally 5919 packets, 1021492 bytes, 96% denied.

disp acl 3001

Advanced ACL 3001, 3 rules
ACL's step is 1
rule 0 permit ip source 192.168.1.0 0.0.0.127 (194 times matched)
rule 1 permit tcp source 192.168.1.128 0.0.0.127 destination-port eq pop3 (9 times matched)
rule 2 permit tcp source 192.168.1.128 0.0.0.127 destination-port eq smtp (0 times matched)



Notes

1. The firewall is disabled by default (firewall disable); the command "firewall enable" must be used to turn the firewall function on.

2. The firewall's default filtering action is permit; it can be changed to deny with "firewall default deny".

3. When packet filtering is used on a router that also acts as a DHCP server assigning addresses, add "rule 0 permit ip source 0.0.0.0 0" to ACL 3001; otherwise the DHCP server cannot assign addresses.
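To see how the rules in ACL 3001 and the three notes above interact, here is an added Python simulation of the inbound packet filter; it is not code from this page or from the router vendor. It assumes the filter evaluates rules in ascending rule-number order and falls back to the default action when no rule matches, maps the port names pop3 and smtp to 110 and 25, and uses constructed sample packets. The extra DHCP rule from note 3 is numbered 3 in the simulation rather than 0 so it sits beside the existing rule 0 (an assumption of this example, not something the page states).

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

# Port names used in the page's ACL; VRP accepts names or numbers.
PORT_NAMES = {"pop3": 110, "smtp": 25}


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                  # "permit" or "deny"
    proto: str = "ip"            # "ip" matches any protocol, otherwise "tcp"/"udp"
    src: Optional[str] = None    # source address; None matches any source
    wildcard: str = "0.0.0.0"    # wildcard mask: 0 bits must match, 1 bits are don't-care
    dport: Optional[int] = None  # destination port; None matches any port


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: Optional[int] = None


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True when addr equals base on every bit the wildcard mask marks as 0."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = 0xFFFFFFFF & ~w
    return (a & care) == (b & care)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.src is not None and not wildcard_match(pkt.src, rule.src, rule.wildcard):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


class PacketFilter:
    """Inbound packet filter: first matching rule wins, else the default action."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        # Assumption: rules are evaluated in ascending rule-number order.
        self.rules = sorted(rules, key=lambda r: r.number)
        self.default = default
        # The same four counters that "display firewall-statistics" reports.
        self.stats = {"permit": 0, "deny": 0, "permit default": 0, "deny default": 0}
        # Per-rule hit counters, like "(n times matched)" in "display acl".
        self.matches = {r.number: 0 for r in self.rules}

    def decide(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        for rule in self.rules:
            if rule_matches(rule, pkt):
                self.matches[rule.number] += 1
                self.stats[rule.action] += 1
                return rule.action, rule.number
        self.stats[self.default + " default"] += 1
        return self.default, None


# ACL 3001 as configured on the page.
ACL_3001 = [
    Rule(0, "permit", "ip", "192.168.1.0", "0.0.0.127"),
    Rule(1, "permit", "tcp", "192.168.1.128", "0.0.0.127", PORT_NAMES["pop3"]),
    Rule(2, "permit", "tcp", "192.168.1.128", "0.0.0.127", PORT_NAMES["smtp"]),
]

# The extra rule from note 3 ("permit ip source 0.0.0.0 0"; the "0" wildcard is 0.0.0.0).
# Numbered 3 here so it sits beside the existing rule 0 (this example's assumption).
DHCP_RULE = Rule(3, "permit", "ip", "0.0.0.0", "0.0.0.0")

# Constructed sample packets arriving inbound on ethernet1/0/0.
SAMPLE_PACKETS = [
    Packet("192.168.1.10", "tcp", 80),    # 192.168.1.0/25, web
    Packet("192.168.1.10", "udp", 53),    # 192.168.1.0/25, DNS
    Packet("192.168.1.200", "tcp", 110),  # 192.168.1.128/25, POP3
    Packet("192.168.1.200", "tcp", 25),   # 192.168.1.128/25, SMTP
    Packet("192.168.1.200", "tcp", 80),   # 192.168.1.128/25, web
    Packet("192.168.1.200", "udp", 53),   # 192.168.1.128/25, DNS
    Packet("0.0.0.0", "udp", 67),         # DHCP DISCOVER from an unconfigured host
]


def run(rules: List[Rule], default: str = "deny"):
    """Push the sample packets through the filter; return decisions and counters."""
    fw = PacketFilter(rules, default)
    decisions = [fw.decide(p) for p in SAMPLE_PACKETS]
    return decisions, fw.stats, fw.matches


if __name__ == "__main__":
    for pkt, (action, num) in zip(SAMPLE_PACKETS, run(ACL_3001)[0]):
        where = f"rule {num}" if num is not None else "default"
        print(f"{pkt.src:<14} {pkt.proto}/{pkt.dport:<4} -> {action} ({where})")
```

Running it with the page's ACL and "firewall default deny" permits the four packets that hit rules 0 to 2 and counts the other three as "deny default", which is the bucket that holds 96% of the traffic in the statistics output above. Calling run(ACL_3001, default="permit") shows what note 2 describes: the same three packets are then counted as "permit default". Appending DHCP_RULE lets the DHCP DISCOVER through, as note 3 intends. The UDP/53 packet from 192.168.1.200 is worth noticing: ACL 3001 permits only TCP pop3 and smtp from 192.168.1.128/25, so name resolution from that half of the subnet falls to the default action just as DHCP does.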
