Configuration Example - AudioCodes Mediant MSBR Series Configuration Manual

Configuration Guide
2.1

Configuration Example

This example configures an ACL rule called "DC-Access" that allows traffic from any source
to a specific class C subnet:
# configure data
(config-data)# access-list DC-Access permit ip any 192.168.100.0
0.0.0.255 log
(config-data)# access-list DC-Access permit ip any 192.168.110.0
0.0.0.255 log
(config-data)# access-list DC-Access permit ip any 192.168.120.0
0.0.0.255 log
(config-data)# access-list DC-Access deny ip any any log
# show data access-lists
Extended IP access list DC-Access
DC-Access permit ip any 192.168.100.0 0.0.0.255 log
DC-Access permit ip any 192.168.110.0 0.0.0.255 log
DC-Access permit ip any 192.168.120.0 0.0.0.255 log
DC-Access deny ip any any log
#
The following example allows access from any IP to segment 192.168.199.0/24 only for SSH
(TCP port 22), Telnet (TCP port 23), SNMP (UDP port 162) and UDP port 2032. For
everything else, traffic is denied.
(config-data)# access-list DC-Access permit tcp any 192.168.199.0
0.0.0.255 eq 22 log
(config-data)# access-list DC-Access permit tcp any 192.168.199.0
0.0.0.255 eq 23 log
(config-data)# access-list DC-Access permit udp any 192.168.199.0
0.0.0.255 eq 162 stateless log
(config-data)# access-list DC-Access permit udp any 192.168.199.0
0.0.0.255 eq 2032 stateless log
(config-data)# access-list DC-Access deny ip any any
(config-data)#
The following example configures an ACL using the ip access-list command:
(config-data)# ip access-list extended DC-Access
(config-ext-nacl)# permit ip any 192.168.10.0 0.0.0.255 log
(config-ext-nacl)# deny ip any any log
(config-ext-nacl)#
Version 7.2
(0 matches)
11
2. Access Control List
(0 matches)
(0 matches)
(0 matches)
Security Setup