User`s guide

354 XSR Users Guide
Configuration Examples Chapter 13
Configuring Security on the XSR
XSR(config)#access-list 1 permit 192.168.10.0 0.0.0.255
XSR(config)#access-list 1 permit 192.168.20.0 0.0.0.255
XSR(config)#access-list 2 permit host 192.168.9.32
XSR(config)#access-list 100 deny ip any host 192.168.1.15
XSR(config)#access-list 100 deny any host 192.168.1.15 any
XSR(config)#access-list 100 deny ip tcp host 192.168.1.15 any
XSR(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 any
XSR(config)#access-list 100 permit ip any 192.168.1.0 0.0.0.255
Apply the access list to the network interfaces so that everything that is not
permitted will automatically be filtered out, by default.
XSR(config)#interface fastethernet 1
XSR(config-if<F1>)#ip access-group 1 in
XSR(config-if<F1>)#ip access-group 1 out
XSR(config)#interface serial 2/0:0
XSR(config-if<S2/0:0>)#ip access-group 1 in
XSR(config-if<S2/0:0>)#ip access-group 1 out
For security reasons, you can limit the traffic type to certain
ICMP/UDP/TCP/AH, ESP, and GRE ports. To use traffic type as a criteria,
enter the extended
access-list command, with numbers ranging from 100
to 199. The standard
access-list command employs numbers ranging from
1 to 99 and can filter traffic by source IP address(es) only.
Write ACLS to permit Telnet and HTTP sessions. When the access list is
applied to the port only, this type of traffic is allowed to pass through.
XSR(config)#access-list 100 permit tcp any any eq 21
XSR(config)#access-list 100 permit tcp any any eq 80
Create a username with an encrypted password (using the secret option) that is
entered as clear text (using the 0 option).
XSR(config)#username larry password secret 0 larryj