Chapter 5 Configuring Access Lists and Filtering GSS Traffic
Filtering GSS Traffic Using Access Lists
Cisco Global Site Selector Administration Guide
OL-5480-01
Kernel output
access-list acl_1 on interface eth0 (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:20:23
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:20
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:23
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:123 dpt:123
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:1304 dpt:1304
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:2000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:2001:2005
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spts:2001:2005
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:3002:3008
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spts:3002:3008
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5002
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:1974 dpt:1974
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5001
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:5001
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
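The kernel output can be checked mechanically when reviewing an access list. The following Python code is an added example, not part of the Cisco guide or the GSS software: it parses an abbreviated copy of the acl_1 listing, reports the verdict for a given packet, and confirms that the list ends in the catch-all DROP. It assumes rules are evaluated top to bottom with the first match deciding; the function names are hypothetical.

```python
import ipaddress
import re

# Abbreviated copy of the acl_1 kernel output from this page.
LISTING = """\
access-list acl_1 on interface eth0 (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:20:23
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:20
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:123 dpt:123
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
"""
PORT = re.compile(r"^([sd])pts?:(\d+)(?::(\d+))?$")  # spt:20, dpts:2001:2005
ANY_PORT = (0, 65535)

def parse(listing):
    """Parse rule lines in listing order; the two header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("ACCEPT", "DROP"):
            continue
        rule = {"target": f[0], "prot": f[1], "src": ipaddress.ip_network(f[3]),
                "dst": ipaddress.ip_network(f[4]), "s": ANY_PORT, "d": ANY_PORT}
        for m in filter(None, map(PORT.match, f[5:])):
            low = int(m.group(2))
            rule[m.group(1)] = (low, int(m.group(3) or low))
        rules.append(rule)
    return rules

def decide(rules, prot, src, dst, sport=0, dport=0):
    """Assumption: top-to-bottom evaluation, the first matching rule decides."""
    for r in rules:
        if (r["prot"] in ("all", prot)
                and ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]
                and r["s"][0] <= sport <= r["s"][1]
                and r["d"][0] <= dport <= r["d"][1]):
            return r["target"]
    return None  # no rule matched at all

def ends_with_drop_all(rules):
    """True when the last rule drops every protocol, any source, any destination."""
    last = rules[-1] if rules else None
    return (last is not None and last["target"] == "DROP" and last["prot"] == "all"
            and last["src"].prefixlen == 0 and last["dst"].prefixlen == 0)
```
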
Associating an Access List with a GSS Interface
After you create an access list, associate it with one or both of the GSS Ethernet
interfaces before you use the access list to filter incoming traffic received by the
interface. If no access lists are associated with an interface, the GSS allows all
incoming traffic received on that interface. After you apply an access list, the GSS
allows only the type of traffic explicitly permitted by the access list. The GSS
disallows all other traffic.
Use the access-group command in global configuration mode to associate an
access list with a GSS interface. You must have access to the CLI of each GSS
device to associate access lists with a GSS interface.
The syntax for the access-group command is:
access-group name interface {eth0 | eth1}