Controlling Access To A Line Or Interface; Controlling Policy Routing And The Filtering Of Routing Information; Controlling Dialer Functions - Cisco MWR 1941-DC - 1941 Mobile Wireless Router Software Configuration Manual

Chapter 6 Configuring the MWR 1941-DC in a Cell Site DCN

Controlling Access to a Line or Interface

After you create an access list, you can apply it to one or more interfaces. Access lists can be applied on
either outbound or inbound interfaces. This section describes guidelines on how to accomplish this task
for both terminal lines and network interfaces. Remember the following:
•
•
To restrict access to a vty and the addresses in an access list, use the following command in line
configuration mode. Only numbered access lists can be applied to lines. Set identical restrictions on all
the virtual terminal lines, because a user can attempt to connect to any of them.
Command
Router(config-line)# access-class access-list-number {in
| out}
To restrict access to an interface, use the following command in interface configuration mode:
Command
Router(config-if)# ip access-group {access-list-number |
access-list-name} {in | out}
For inbound access lists, after receiving a packet, the Cisco IOS software checks the source address of
the packet against the access list. If the access list permits the address, the software continues to process
the packet. If the access list rejects the address, the software discards the packet and returns an ICMP
host unreachable message.
For outbound access lists, after receiving and routing a packet to a controlled interface, the software
checks the source address of the packet against the access list. If the access list permits the address, the
software sends the packet. If the access list rejects the address, the software discards the packet and
returns an ICMP host unreachable message.
When you apply an access list that has not yet been defined to an interface, the software will act as if the
access list has not been applied to the interface and will accept all packets. Remember this behavior if
you use undefined access lists as a means of security in your network.

Controlling Policy Routing and the Filtering of Routing Information

To use access lists to control policy routing and the filtering of routing information, see the "Configuring
IP Routing Protocol-Independent Features" chapter in the Cisco IOS IP Configuration Guide.

Controlling Dialer Functions

To use access lists to control dialer functions, refer to the "Preparing to Configure DDR" chapter in the
Cisco IOS Dial Technologies Configuration Guide.
OL-11503-01
When controlling access to a line, you must use a number.
When controlling access to an interface, you can use a name or number.
Cisco MWR 1941-DC Mobile Wireless Edge Router Software Configuration Guide
Filtering IP Packets Using Access Lists
Purpose
Restricts incoming and outgoing connections between a
particular vty (into a device) and the addresses in an
access list.
Purpose
Controls access to an interface.
6-59