User`s guide
PassFinder AP2520 VoIP Router/Gateway Operation Manual Version 1.10 / Mar. 2002
AddPac Technology Co., Ltd. -
111 -
[Example] Extended Access-List Configuration and Usage
router (config)# ☞ In this mode, Access-list Config is
possible.
router (config)# access-list 31 deny tcp 140.1.1.0
0.0.0.255 145.1.1.0 0.0.0.255 eq ftp
☞ Denies all TCP
packets accessing to the host whose destination address is
“145.1.1.0/24Bit” from “140.1.1.0/24bit” of the source address
through the ftp port.
router (config)# access-list 31 deny tcp 140.1.1.0
0.0.0.255 145.1.1.0 0.0.0.255 eq ftp-data
☞ Denies all TCP
packets accessing to the host whose destination is
“145.1.1.0/24Bit” from “140.1.1.0/24bit” of the source address
through the ftp-data port.
router (config)# access-list 31 permit tcp 140.1.1.0
0.0.0.255 145.1.1.0 0.0.0.255 eq ftp establish
☞ Permits
only packets whose sessions are set already among the TCP packets
accessing to the host whose destination is “145.1.1.0/24Bit”
from “140.1.1.0/24bit” of the source address through the ftp
port.
router (config)# access-list 31 permit ip any any ☞ Permits
all IP packets except those matching conditions above.
router (config)# interface Ethernet 0 0 ☞ Enters into the
configuration mode of the interface Ethernet 0.0
router (config-ether0.0)# ip access-group 31 in ☞ Applies
the Access-List 31 that has been set for all IP packets incoming
through the Ethernet 0.0 interface.
router (config-ether0.0)# end
router # show access-list 31
☞ Shows the Access-List 31 that
has been set.
Extended Access List (Index = 31)
1 : deny tcp 140.1.1.0 0.0.0.255 145.1.1.0 0.0.0.255
2 : deny tcp 140.1.1.0 0.0.0.255 145.1.1.0 0.0.0.255 eq
ftp-data