Creating Access List Rules; Defining Address Pools - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual


Creating Access List Rules

access-list

Defining Address Pools

Before you create a dynamic translation, create the access list rules that you plan to apply to the translation. For information about configuring access lists, see "Configuring Routing Policy" on page 3.

The router evaluates multiple commands for the same access list in the order they were created. An undefined access list implicitly contains a rule to permit any. A defined access list implicitly ends with a rule to deny any.

NOTE: The access lists do not filter any packets; they determine whether the packet requires translation.

You use the access-list command to create an access list.
Use this command to define an IP access list that permits or denies translation based on the addresses in the packets.

Each access list is a set of permit or deny conditions for routes that are candidates for translation (that is, moving from the inside network to the outside network).

A zero in the wildcard mask means that the route must exactly match the corresponding bit in the address. A one in the wildcard mask means that the route does not have to match the corresponding bit in the address.

Use the log keyword to log an Info event in the ipAccessList log whenever an access list rule is matched.
Example
host1(config)#access-list bronze permit ip host any 228.0.0.0 0.0.0.255
Use the no version to delete the access list (by not specifying any other options), the specified entry in the access list, or the log for the specified access list or entry (by specifying the log keyword).
See access-list.
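
The evaluation rules described above (rules checked in creation order, the implicit permit any for an undefined list, the implicit deny any at the end of a defined list, and wildcard-mask matching) can be modeled as follows. This is an added Python example, not code from the guide or from JunosE; the rule tuple layout, the list name inside-hosts and the sample addresses are constructed assumptions.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # a 0 bit in the wildcard means "must match"
    return (a & care) == (b & care)


def requires_translation(access_lists, name, src, dst):
    """Evaluate list `name` for one packet; True means it is a NAT candidate."""
    rules = access_lists.get(name)
    if rules is None:
        return True  # undefined list: implicit "permit any"
    for action, (s_base, s_wild), (d_base, d_wild) in rules:  # creation order
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action == "permit"  # first matching rule decides
    return False  # defined list: implicit final "deny any"


ANY = ("0.0.0.0", "255.255.255.255")  # wildcard of all ones matches anything

# Constructed rule set (assumption, not from the guide): exempt one /24
# from translation, then translate the rest of 10.1.0.0/16.
ACCESS_LISTS = {
    "inside-hosts": [
        ("deny", ("10.1.1.0", "0.0.0.255"), ANY),
        ("permit", ("10.1.0.0", "0.0.255.255"), ANY),
    ],
}

if __name__ == "__main__":
    for src in ("10.1.1.5", "10.1.2.5", "192.168.0.1"):
        verdict = requires_translation(ACCESS_LISTS, "inside-hosts", src, "198.51.100.7")
        print(f"{src:<12} translate={verdict}")
```

Calling requires_translation with a list name that is absent from ACCESS_LISTS returns True, which is the implicit permit any that the guide describes for an undefined access list.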
Before you can configure dynamic translation, create an address pool. An address pool is a group of IP addresses from which the NAT router obtains an address when dynamically creating a new translation. You can create address pools with either a single range or multiple, nonoverlapping ranges.

When you create a single range, you specify the starting and ending IP addresses for the range in the root ip nat pool command. However, when you create multiple, nonoverlapping ranges, you omit the optional starting and ending IP addresses in the root ip nat pool command; this launches the IP NAT Pool Configuration (config-ipnat-pool) mode.
Copyright © 2010, Juniper Networks, Inc.
